+1.408.520.4937 | Blog | Support
Cloud Data Protection Solution | CipherCloud
  • Products
    Technologies
    Products
    • CipherCloud Gateway
    • CipherCloud for Salesforce
    • CipherCloud for Chatter
    • CipherCloud for Gmail
    • CipherCloud for AWS
    • Cloud Encryption
    • Cloud Tokenization
    • Cloud Audit
    • Cloud Malware Protection
  • Solutions
    Industries
    Compliance
    • Data Residency
    • ITAR
    • PCI
    • Financial Services
    • Healthcare
  • Partners
    • Partner Overview
  • Customers
    • CipherCloud Customers
  • Learning Center
    • Breach Watch
    • Featured Content
    • Webinars
    • White Papers
    • Product Content
    • Case studies
  • Company
    • About CipherCloud
    • Leadership
    • Press Releases
    • In the News
    • Events
    • Advisors
    • Awards
    • Investors
    • Careers
    • Contact Us
Products
Solutions
Data Residency
ITAR
PCI
Financial Services
Healthcare
Partners
Customers
Learning Center
Company

Healthcare

Overview

US organizations that transmit an individual’s protected health information (PHI) across electronic systems are required to meet Health Insurance Portability and Accountability Act of 1996 (HIPAA) requirements. HIPAA requires covered entities (CE) to assure their customers that the integrity, confidentiality, and availability of PHI information they collect, maintain, use, or transmit is protected.

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

Highlights

Encryption: The HIPAA encryption standard specified in the security rule is deemed "addressable", which means that the CE must either implement encryption or come up with a ‘reasonable and appropriate’ solution to meet the regulatory requirement. As encryption technologies have developed and become more affordable, it is becoming more difficult to take the position that there are any 'reasonable and appropriate' alternatives to encryption.

To add to the already complicated interpretation of the rules, the recent HITECH Act specifies severe civil and criminal penalties for breaches of unsecured PHI, and further states that these penalties do not apply if data is encrypted or otherwise rendered unusable, unreadable, or indecipherable. Additionally, CEs are required to notify individuals of any unauthorized acquisition, access, use, or disclosure of unsecured PHI.

Auditing: The Technical Safeguards section of the HIPAA Security Rule states that CEs must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”

HIPAA’s Impact on Cloud Computing

Prior to the introduction of the HITECH Act, several cloud solution providers (CSPs) claimed that they did not fall under the HIPAA provisions, since they were not classified as CEs or business associates. However many third-party data repositories and health information networks now fall into the expanded definition of ‘business associates’.

Why CipherCloud

As a pioneer in cloud data protection, CipherCloud provides various highly secure AES-based encryption and tokenization options to replace sensitive information with anonymous values that respect formatting, and preserve all native features and functionality of compatible cloud solutions, such as searching, sorting, and reporting. Customers retain full control of data and encryption keys within their enterprise network. Additional key characteristics of CipherCloud include:

  • Support for key rotation
  • Centralized logging and auditing of user activities in the cloud
  • Rapid configuration and deployment
  • Stateless and high-performance architecture
  • Subscription based pricing that eliminates up-front capital expenditure

Conclusion

According to “The 2010 Annual Study: U.S. Cost of a Data Breach”, the cost of data breach is estimated at $214 per compromised record. By implementing CipherCloud, you can reap the benefits of migrating applications containing PHI to the cloud, such as reduced cost, faster deployment, agility, and scalability, while ensuring compliance with HIPAA:

  • Avoid millions of dollars in expenses, civil and criminal penalties resulting from PHI breach
  • Protect organizational reputation and brand, since HIPAA breach notification laws do not apply to encrypted data
"As electronic communication and storage of sensitive healthcare information is growing by leaps and bounds, CipherCloud's innovative technology has helped our healthcare customers meet their pressing data protection and compliance needs, while maximizing efficiency and cost savings that cloud computing offers.”

– Leo Corcoran, CEO, ClaimVantage Inc.

Products

CiperCloud Gateway

CipherCloud for Salesforce.com

CipherCloud for Amazon Web Services

CipherCloud for Gmail

Technologies

Encryption

Tokenization

Malware Detection

Cloud Audit

Solutions

Data Residency

ITAR

PCI

Learning Center

Breach Watch

Featured Content

Understanding Cloud Security

Product Content

Case studies

Company

About CipherCloud

Awards

Customers

Partners

Press Releases

Careers

Contact Us

Follow Us
Share to FacebookLikedInShare to Twitter
Copyright 2012 CipherCloud
Login