About HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was
signed into law in 1996 with the original intent of protecting
health insurance information when workers changed or lost their
jobs. As the Internet evolved in the mid-1990s, HIPAA
requirements coincided with the Internet revolution, which offered an
easy, available vehicle to enable the digital exchange of healthcare
information.
But the idea of passing individual
health records across the public Internet prompted concerns about
the privacy and security of patient-identifiable information.
Protected Health Information (PHI) and HIPAA rules were
further refined to include a security standard for sharing PHI over
the Internet.
On April 14, 2003, the privacy protection provisions of the HIPAA
legislation go into effect and pose a major compliance challenge for
the health care industry.
The privacy provisions in HIPAA include:
- Protection against the unauthorized disclosure of a patient’s
  “individually identifiable health information.”
- Each instance of unauthorized disclosure by a health care provider
  is punishable by fines ranging from $10,000 to $25,000.
- Each instance of intentional unauthorized disclosure is punishable
  by fines ranging from $100,000 to $250,000 and possible jail time
  for those who violate the provisions.
The HIPAA Security Standard contains two subparts that relate
directly to data integrity, data access and mechanisms for handling
data. These include:
- 45 CFR Part 142, § 142.308 (c). “Technical security services to
  guard data integrity, confidentiality and availability.” These are
  processes that protect information and control individual access to
  information.
- 45 CFR Part 142, § 142.308 (d). “Technical security mechanisms.”
  These are controls that prevent unauthorized access to information
  that is transmitted across an internal network or across the public
  Internet.
Authora's Solutions for HIPAA Security Standard requirements
Authora's information security
software enables healthcare organizations to transmit healthcare
records over internal networks or the public Internet in compliance
with these HIPAA security requirements. Authora
Sovereign Server can be used for
HIPAA compliance and provides for policy-driven, secure transactions
and e-messaging for both inbound and outbound communications and
transactions.
Implications of HIPAA for Email
The part most relevant to email
is the rule requiring "securing patient records containing
individually identifiable health information so that they are not
readily available to those who do not need them." The rules do not
specify which technologies should be used to preserve
confidentiality of patient records, so individual health care
facilities can choose which technologies will best suit their needs
while being secure enough to prevent improper access to patient
records.
Authora’s secure messaging solutions meet the
following key requirements for exchanging PHI over the Internet:
· Applies encryption, authentication, and authorization controls to
  e-mail, attachments, webforms, or webpages to ensure their integrity
· Secures e-mail or other data without impacting an organization’s
  existing workflow. Policies and middleware work with existing
  content scanning engines, mail servers, or webservers and apply
  HIPAA compliance protection based on specific terms such as patient
  social security numbers. (See Preserving a Healthcare Entity’s
  Existing Workflow below)
· Enables data to be protected and delivered by securing middleware
  Web servers, mail servers or mail clients. Recipients can view and
  reply to protected e-mail or webforms using a standard Web browser
· Extends protection to e-mail after it’s delivered to a recipient’s
  Inbox. This protection includes the ability to track and audit
  message activity, and to expire e-mail or data.
· Provides auditing capabilities to ensure that patient information
  has been properly disclosed in accordance with existing corporate
  policies
· Provides “plug-and-play” integration with an organization’s existing
  authentication infrastructure
Preserving a Healthcare Entity’s Existing Workflow
One of the most critical messaging requirements for
any healthcare organization is the ability to secure content
transparently without impacting an entity’s existing workflow.
Organizations don’t want to affect the manner in
which users send or receive data. Authora addresses this issue by
integrating seamlessly with backend systems and end users' computers.
An e-mail scanning engine typically resides between an
organization’s mail server and the Internet and scans messages for
inappropriate language and viruses, among other functions. Authora’s
secure messaging solution works in concert with content scanning
engines, so outbound e-mail containing PHI can be directed to the
Authora Sovereign Server. Messages that contain PHI are encrypted
and protected on Authora’s EDGE (Encrypted Data Gateway Engine)
Server and delivered to the recipient.
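
An added example, not Authora's code or part of the original page: a minimal sketch of the content-scanning decision described above, in which outbound mail is parsed and sent to encryption when the subject or a text part contains a plausible social security number. The function names, the sample addresses and the `encrypt`/`deliver` labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# SSN-shaped token: 3-2-4 digits, optional dash or space separators.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Drop number ranges that are never issued, to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def contains_ssn(text):
    return any(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(text))

def route(raw_message):
    """Hypothetical policy: 'encrypt' if subject or any text part holds an SSN."""
    msg = message_from_string(raw_message)
    if contains_ssn(msg.get("Subject", "")):
        return "encrypt"
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding,
        # which a plain search over the raw message would miss.
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        if contains_ssn(payload.decode(charset, errors="replace")):
            return "encrypt"
    return "deliver"

def build_sample(body, cte="7bit"):
    """Constructed sample message; addresses and content are made up."""
    m = EmailMessage()
    m["From"] = "clinic@example.org"
    m["To"] = "lab@example.net"
    m["Subject"] = "Lab request"
    m.set_content(body, cte=cte)
    return m.as_string()

if __name__ == "__main__":
    print(route(build_sample("Patient SSN: 123-45-6789", cte="base64")))
    print(route(build_sample("Appointment moved to 3pm")))
```

Pattern matching of this kind only covers text the scanner can decode; binary attachments are skipped here and would need their own extraction step before the policy could see their content.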

Zendit—secure email solution can comply with parts of the HIPAA rules
Zendit for securing email is used for
site-to-site or end-to-end encryption which can prevent snooping of
patient records between the two sites. Zendit can also be used for
sending mail directly to patients.
Authora's
Zendit Service for HIPAA compliance is generally used by small offices
(1 to 20 employees) and can be
licensed and downloaded NOW.
Zendit Service provides secure e-messaging for both inbound and outbound
email communications.
If you are a healthcare company or a healthcare provider, then
complying with HIPAA privacy and security regulations is easier than
you imagine.
Download Zendit for HIPAA compliance. Zendit is easy-to-use desktop
software for protecting the sanctity of health records.

For enterprises in need of a policy-driven framework, check out
Sovereign Platform.
Key features/benefits
- Seamless integration with existing email systems and multiple
  web-applications
- Intuitive UI for end users (encryption, decryption, and digital
  signatures)
- Intuitive Key Management
- No new email address required
- Encryption policies can be set for your entire enterprise, down to
  departments or individuals
- Extendable to secure web-forms
- Text branding for customized header and footer messages
Zendit Digital Signatures
Authorizations are collected today
using an expensive process dependent on collecting “wet signatures”
on paper documents that are often lost or misplaced over time.
Sovereign addresses the issue
of HIPAA compliance by providing easy to use software that protects
and manages the authorized release of health care information,
including obtaining electronic signatures from those authorizing
release and from those to whom the information is released.
Confidentiality
Sovereign includes a simple and
intuitive desktop client for encryption, decryption and digital
signatures and server side bulk encryption and decryption.
Want to take action? Try
Zendit for HIPAA compliance now! (best for small offices of 1 to 20
employees)