What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) applies to any health care
provider, health plan, and health care clearinghouse that electronically maintains or transmits
health information pertaining to individuals. HIPAA was designed to promote health care
standards for patient confidentiality, provide an incentive for electronic communication,
create consistent industry standards, and reduce the administrative costs of health care.
The Standards for the Security of Electronic Protected Health Information (the "Security
Rule") became mandatory for all covered entities by April 2006. The Security Rule requires
health care providers, health plans and clearinghouses to have data security standards in place.
The Security Rule and Data Backup
Many of the Security Rule's standards apply to the backup of data. Health care providers,
health plans and clearinghouses must have a contingency plan that will:
“Establish (and implement as needed) policies and procedures for responding to an
emergency or other occurrence (for example fire, vandalism, system failure, and
natural disaster) that damages systems that contain electronic protected health
information.”
This contingency plan must include a data backup plan, a disaster recovery plan,
and an emergency mode operation plan. Covered entities must also have certain physical
safeguards in place, such as facility access controls. The Security Rule is further
detailed through 18 standards (administrative, physical and technical) and 36 implementation
specifications not covered in this document.
Technical Safeguards Required
Health care providers, health plans and clearinghouses must also implement the
Security Rule's technical safeguards, which include:
- A mechanism to encrypt and decrypt electronic protected health information (ePHI).
  This is an addressable specification: a covered entity must either implement it or
  document why an alternative measure is reasonable and appropriate.
- Access controls that limit access to ePHI to authorized persons and software programs.
- Audit controls that record and examine activity in information systems that contain
  or use ePHI.
- Transmission security: technical measures that guard against unauthorized access to
  ePHI being transmitted over an electronic communications network.
Abletek’s Backup and Disaster Recovery Solutions are the Answer
Abletek can supply any health care provider with a backup and disaster recovery
solution designed to meet the Security Rule's backup and encryption requirements.
Abletek provides local encryption, and all data is encrypted as it moves from the
Abletek device to our off-site data centers. Data is never accessible without the
encryption key; Abletek employees cannot access or read the files without it.
Encryption is Key
Abletek encrypts files using the Advanced Encryption Standard (AES). AES is the block
cipher (originally named Rijndael) that the U.S. National Institute of Standards and
Technology (NIST) selected and standardized in 2001, and it is now the standard encryption
technique for both commercial and government applications. AES is a sound choice for
protecting electronic protected health information (ePHI) because of its well-studied
design, its strength and its speed. To meet the Security Rule's transmission security
requirements, each encrypted file is then sent over the Internet through a secure
channel protected with AES-256 and Secure Sockets Layer (SSL). As a result, the data is
protected by two layers of encryption while in transit, both to and from Abletek's secure
bi-coastal data centers. The transport layer protects only the channel; it is the
file-level AES encryption, with the key held by the client, that keeps the data
unreadable once it has been stored.
Archiving and Restoring
Abletek keeps all data archived off-site for one calendar year. In addition, all
data is stored on the client's physical server, laptop, desktop or other endpoint, on
the local Abletek device, and in Abletek's bi-coastal data centers. This creates a
level of redundancy that other backup and disaster recovery (BDR) hardware and software
cannot match, and gives IT service providers and end users alike the assurance of a
solution that offers complete business continuity. Restoration is also an important
element of HIPAA compliance. Backups that cannot be restored quickly and easily defeat
the purpose of taking backups at all; in the event of a disaster, businesses need to
get back up and running as fast as possible. The Security Rule's contingency plan
standard also calls for testing and revision procedures, so restores should be exercised
on a schedule rather than only after an incident. Abletek's solutions can quickly restore
files and return them to their original location in decrypted and uncompressed form.
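The two passages above describe a backup pipeline in which each file is encrypted locally with AES under a key only the client holds, shipped as ciphertext, and later restored in decrypted and uncompressed form. The following is an added example, not Abletek's code and not a description of their product's format: it seals a constructed sample record with compress-then-encrypt using AES-256-GCM from the Go standard library, binds the original file path into the ciphertext as associated data so a blob cannot be quietly restored to a different location, and shows that a restore attempted without the client's key (or with a tampered blob) fails before any plaintext is released. The key size, blob layout, sample path and sample record are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

const keySize = 32 // 256-bit key for AES-256 (assumed; pick to match your policy)

// NewBackupKey returns a fresh random 256-bit key. The key is the client's
// secret: the backup service never receives it, so it cannot read the files.
func NewBackupKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal compresses plaintext with gzip and encrypts the result with
// AES-256-GCM. The file's original path is bound in as associated data, so
// the blob only opens for the location it was taken from. Blob layout
// (assumed for this example): 12-byte random nonce || ciphertext || 16-byte tag.
func Seal(key []byte, path string, plaintext []byte) ([]byte, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	var zipped bytes.Buffer
	zw := gzip.NewWriter(&zipped)
	if _, err := zw.Write(plaintext); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce, so the nonce travels with the blob.
	return gcm.Seal(nonce, nonce, zipped.Bytes(), []byte(path)), nil
}

// Open reverses Seal: authenticate and decrypt, then decompress. A wrong key,
// a wrong path, or any modified byte fails GCM authentication and returns an
// error; no partial plaintext is ever produced.
func Open(key []byte, path string, blob []byte) ([]byte, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	zipped, err := gcm.Open(nil, nonce, ct, []byte(path))
	if err != nil {
		return nil, fmt.Errorf("authentication failed: %w", err)
	}
	zr, err := gzip.NewReader(bytes.NewReader(zipped))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

func main() {
	// Constructed sample record for the demo; not real patient data.
	path := "/srv/ehr/records/000123.txt"
	record := []byte("patient_id=000123;dob=1970-01-01;dx=J45.20")
	key, err := NewBackupKey()
	if err != nil {
		panic(err)
	}
	blob, err := Seal(key, path, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed %d plaintext bytes into a %d-byte blob\n", len(record), len(blob))

	// What the storage provider could do without the client's key: nothing useful.
	wrongKey, _ := NewBackupKey()
	if _, err := Open(wrongKey, path, blob); err != nil {
		fmt.Println("restore without the client's key:", err)
	}
	restored, err := Open(key, path, blob)
	if err != nil {
		panic(err)
	}
	fmt.Println("restored:", string(restored))
}
```

Run with `go run .`; the program prints the blob size, the failed attempt with the wrong key, and the restored record. GCM is used here because it authenticates as well as encrypts: a restore from a corrupted or tampered blob is rejected outright rather than silently yielding garbage, which is the failure mode a restore test should catch.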
Disclaimer
Nothing in this document is intended to constitute legal advice. For more information
about HIPAA and compliance with HIPAA requirements, please consult your legal counsel.
For more information on Abletek solutions, please contact the sales department by
phone at 713-455-1888, toll free at 1-866-530-2253, or email
sales@Abletek.com.
Take a Proactive Approach
When taking on a health care provider as a client, the main goal is to ensure that
their patients' data and privacy are secure. HIPAA violations have recently made
headline news, and it is important to be aware of HIPAA guidelines, especially
if you have multiple health care clients. MSPs and VARs need to work closely
with health care providers to understand their challenges so they can provide
the right solution.
Considerations MSPs & VARs Need to Address Before Selling a Solution:
- What kind of solution is the client looking for?
- What data needs to be encrypted?
- How much monitoring is required to avoid policy infringement?
- Who is responsible for managing the encrypted data and keys?
- How will patients access personal information that has been encrypted?
- How will vendors/suppliers/other offices/etc. be impacted?
What Health Care Providers are Looking For From a MSP or VAR:
- Can you provide them with a complete end-to-end solution?
- Do the offered solutions support technology upgrades?
- Does the MSP/VAR understand the changing regulatory environment?
- Technology changes quickly, so can MSPs/VARs stay one step ahead of the curve?
- Can the MSP/VAR give support and assistance when needed?
- Will the MSP/VAR stay involved over the long term and look for opportunities to
  anticipate future needs?