HIPAA HITECH Compliance


What is HIPAA/HITECH?

HIPAA stands for the Health Insurance Portability and Accountability Act. Enacted in 1996, it requires health care organizations (including covered entities and business associates) to protect the privacy and security of health information and to provide individuals with certain rights with respect to their health information. The HIPAA Security Rule requires health care organizations to implement technical safeguards to protect ePHI (electronic protected health information).
HITECH stands for the Health Information Technology for Economic and Clinical Health Act. It was enacted in 2009 in response to the development of electronic health information technology. It broadens the scope of the privacy and security protections listed under HIPAA and also increases the repercussions and enforcement potential for noncompliance.

HIPAA/HITECH Compliance with MyDiamo

MyDiamo enables users to meet HIPAA Security Rule and HITECH compliance requirements by providing three functions: encryption, access control, and auditing.

Encryption

MyDiamo provides transparent encryption with higher performance. Because MyDiamo operates parallel to the DBMS engine, it does not require application modifications such as code or logic changes. Users can implement encryption with a one-time installation. Its column-level encryption, with trusted standard algorithms such as AES and TEDS with 256 bits, also enables users to encrypt only the necessary segments of data. This selectivity improves the performance of the DBMS even after encryption.

Access Control

Even after encryption, it is essential to allow only authorized users to access the data; otherwise, the encryption won't be effective at all. Access control therefore needs to be performed for the encryption to be secure. MyDiamo allows users to define or restrict the right to access data by both account and IP address.

Auditing

MyDiamo provides auditing functions that record access and deny logs for data. This is important for risk analysis, especially when monitoring for data falsification or determining security violations. Furthermore, it could help prevent data breaches caused by a malicious insider account.

Key Management with SG-KMS

SG-KMS is one of the D’Amo components, providing the most secure key management solution. SG-KMS is an appliance-type solution that manages MyDiamo’s encryption/decryption keys. This means the encryption/decryption keys are stored on a server separate from the DB server. SG-KMS provides a systematic key management solution that manages the whole lifecycle of keys, including creation, storage, distribution, and disposal. In addition, it provides access control and auditing. If you need more information, please contact us at mydiamo@pentasecurity.com

Detailed HIPAA/HITECH Compliance Requirements met with MyDiamo


| HIPAA Requirements | Sections | MyDiamo Capabilities |
| --- | --- | --- |
| Risk Management | 164.308(a)(1)(ii)(A), 164.308(a)(1)(ii)(B) | MyDiamo can reduce risks and vulnerabilities from unauthorized access and malicious insiders. |
| Access Management | 164.308(a)(4)(ii)(B), 164.308(a)(4)(ii)(C), 164.312(a)(2)(A), 164.312(c) | Privileges should be granted so that only authorized users can access the data. Users can selectively give rights to see data based on the user and IP. |
| Encryption & Decryption | 164.312(a)(2)(iv), 164.312(e)(2)(ii) | MyDiamo provides column-level encryption, which allows higher performance by enabling users to encrypt only necessary parts. Also it is operated parallel to the engine so it does not require any code modification, which is also called transparent encryption. |
| Key Management | 164.312(a)(2)(iv), 164.312(e)(ii) | SG-KMS provides the most secure key management solution. It manages all MyDiamo keys with access control and auditing functions. |
| Audit Control & Monitoring | 164.308(a)(1)(ii)(D), 164.308(a)(5)(ii)(C), 164.308(a)(6), 164.312(b) | MyDiamo provides auditing which consists of recording access, deny, and query logs to data. It helps users look into unauthorized attempts and abnormal activities by insiders so that they can prevent or analyze incidents. |