Database Encryption for HIPAA and HITECH Compliance


What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. HIPAA sets out rules for the protection and use of Personal (or Protected) Health Information (PHI), the health data that makes up a patient's medical record.

What is HITECH?

The Health Information Technology for Economic and Clinical Health Act (HITECH) was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology and to update the HIPAA rules. Where HIPAA is limited to storage media (tape and disk), HITECH extends coverage to Internet and VoIP technology. Penalties for unsecured PHI can reach $250,000, and repeat violations can extend up to $1.5 million.

MyDiamo Helps Your Company Comply with HIPAA and HITECH

Encrypting confidential patient data, medical records, Personal (or Protected) Health Information (PHI) and Electronic Health Records (EHR) is strongly recommended for compliance with HIPAA and HITECH. Penta Security Systems' MyDiamo helps you meet HIPAA requirements by adding encryption, access control and auditing functions to your database.

HIPAA Rules Related to Database Encryption

§164.306 Security Standards: General Rules

164.306(a)(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.

164.306(a)(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

§164.312 Technical safeguards

164.312(a)(2)(iv) Encryption and decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.

Penta Security Systems’ MyDiamo Includes Features to Help Comply with HIPAA and HITECH

Most database encryption products rely on file-level encryption, which works independently of the DBMS type. File-level encryption, however, cannot encrypt only part of the data: even if you need to protect a single field such as a social security number or a password, the whole file must be encrypted, which is inconvenient and costly.

MyDiamo, by contrast, provides column-level encryption using trusted standard algorithms such as AES and TDES. Column-level encryption lets the protection follow the sensitivity of each field. Because MyDiamo runs alongside the DBMS engine, the encryption is transparent to applications, so developers can use it without extensive code changes. These features differentiate MyDiamo from other solutions and help you comply with HIPAA rule §164.312.

In addition, MyDiamo provides one-way encryption (a keyed hash function), which is the safest method to protect authentication data. MyDiamo also supports partial encryption, which allows indexing without performance degradation even after the data is encrypted.
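The three mechanisms just described can be seen in a small added Go example (written for this page, not MyDiamo's own code or API, which the page does not show): AES-256-GCM applied to a single PHI column rather than a whole file, an HMAC-SHA256 keyed hash for authentication data, and a keyed hash of only the last four SSN digits as an indexable fragment. The keys, the SSN format and all function names are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Constructed demo keys (hypothetical); a real deployment loads them from a key manager.
var columnKey, hashKey = []byte("0123456789abcdef0123456789abcdef"), []byte("separate-hmac-key-for-demo-only!")

// EncryptColumn protects one cell as nonce||ciphertext; the rest of the row stays in the clear.
func EncryptColumn(plain string) ([]byte, error) {
	block, _ := aes.NewCipher(columnKey) // cannot fail for a 32-byte (AES-256) key
	aead, _ := cipher.NewGCM(block)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(plain), nil), nil
}

func DecryptColumn(cell []byte) (string, error) { // GCM's tag also rejects tampered cells
	block, _ := aes.NewCipher(columnKey)
	aead, _ := cipher.NewGCM(block)
	if n := aead.NonceSize(); len(cell) >= n {
		plain, err := aead.Open(nil, cell[:n], cell[n:], nil)
		return string(plain), err
	}
	return "", errors.New("malformed ciphertext")
}

// KeyedHash (HMAC-SHA256) is the one-way transform for passwords: tags are compared, never decrypted.
func KeyedHash(value string) string {
	mac := hmac.New(sha256.New, hashKey)
	mac.Write([]byte(value))
	return hex.EncodeToString(mac.Sum(nil))
}

// PartialIndex keys only the last four SSN digits so equality lookups on them can use an index.
func PartialIndex(ssn string) string {
	if len(ssn) > 4 {
		ssn = ssn[len(ssn)-4:]
	}
	return KeyedHash(ssn)
}
```

Two rows whose SSNs share the last four digits get the same PartialIndex value and can be found through an ordinary index, while the full SSN column is only ever stored as GCM ciphertext.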

Although HIPAA covers physical and administrative safeguards for PHI as well as technical ones, HITECH focuses more narrowly on securing medical data in digital form. Together with MyDiamo's database encryption functions, its access control and audit functions are well suited to organizations that need to comply with HIPAA and HITECH.

Comprehensive encryption security for open source databases. We provide transparent and column-level encryption, key management, and access control and auditing for MySQL, MariaDB, and PerconaDB.