HIPAA HITECH Compliance


HIPAA/HITECH Compliance


What is HIPAA/HITECH?

HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted in 1996 and established that health care organizations (including covered entities and business associates) should protect the privacy and security of health information, while providing individuals with certain rights with respect to their health information. The HIPAA Security Rule requires health care organizations to implement technical safeguards to protect ePHI (electronic protected health information).
HITECH stands for Health Information Technology for Economic and Clinical Health Act. It was enacted in 2009 in response to the development of health technology for electronic health information. It broadens the scope of the privacy and security protections listed under HIPAA and also increases the repercussions and enforcement potential for noncompliance.

HIPAA/HITECH Compliance with MyDiamo

MyDiamo enables users to meet HIPAA Security Rule and HITECH compliance requirements through the provision of these three functions: Encryption, Access control, and Auditing.

Encryption

MyDiamo provides transparent encryption with high performance. Since MyDiamo operates in parallel with the DBMS engine, it does not require any application modifications such as code or logic changes. Users can implement encryption with a one-time installation. Also, its column-level encryption, with trusted standard algorithms such as AES and TDES with 256 bits, enables users to encrypt only the necessary segments of data. This selectivity improves the performance of the DBMS even after encryption.

Access Control

Even after encryption, it is essential to allow only authorized users to access the data; otherwise, encryption won’t be effective. Therefore, access control needs to be implemented for secure encryption. MyDiamo allows users to define or restrict rights to access data by both the account and IP address.

Auditing

MyDiamo provides auditing functions which record access and deny logs for data. This is important for risk analysis, especially when monitoring for data falsification or determining whether security violations have occurred. Furthermore, auditing can help prevent data breaches caused by malicious insider accounts.

Key Management with D’Amo KMS

D’Amo KMS is a component of D’Amo, Penta Security’s encryption solution, which provides secure key management. D’Amo KMS is an appliance-type solution that can manage MyDiamo’s encryption/decryption keys. This means encryption/decryption keys are stored on a server separate from the DB server. D’Amo KMS manages the whole lifecycle of keys, including creation, storage, distribution, and disposal. In addition, it provides access control and auditing. If you need more information regarding D’Amo KMS, please contact us at mydiamo@pentasecurity.com.

Detailed HIPAA/HITECH Compliance Requirements met with MyDiamo


| HIPAA Requirements | Sections | MyDiamo Capabilities |
| --- | --- | --- |
| Risk Management | 164.308(a)(1)(ii)(A), 164.308(a)(1)(ii)(B) | MyDiamo can reduce risks and vulnerabilities from unauthorized access and malicious insiders. |
| Access Management | 164.308(a)(4)(ii)(B), 164.308(a)(4)(ii)(C), 164.312(a)(2)(A), 164.312(c) | Privileges should be granted so that only authorized users can access data. Users can selectively give rights to data based on the user account and IP. |
| Encryption & Decryption | 164.312(a)(2)(iv), 164.312(e)(2)(ii) | MyDiamo provides column-level encryption, which allows higher performance by enabling users to encrypt only the necessary parts. Operating in parallel with the engine, it does not require any code modification. The process is also called transparent encryption. |
| Key Management | 164.312(a)(2)(iv), 164.312(e)(ii) | D'Amo KMS provides secure key management. It manages all MyDiamo keys with access control and auditing functions. |
| Audit Control & Monitoring | 164.308(a)(1)(ii)(D), 164.308(a)(5)(ii)(C), 164.308(a)(6), 164.312(b) | MyDiamo provides auditing functions which consist of recording access, deny, and query logs for data. This helps users look into unauthorized attempts and abnormal activities by insiders so that they can prevent or analyze incidents. |