This document details the mandated and proposed rules generally referred to as the "HIPAA requirements" and how they affect healthcare organizations and their business partners that transmit medical information electronically.
Addressing HIPAA Compliance Issues
Technical White Paper
Sigaba | 1875 S. Grant Street, 10th Fl. | San Mateo, CA 94402 | (800) 475-8226 | www.sigaba.com

TABLE OF CONTENTS

Introduction 3
Opportunity 4
Regulations 4
    HIPAA and Related Acts 4
    Privacy Standards 4
    Security Standards 5
    Impacted Organizations 5
    Liability 6
    Other Relevant Issues 6
Security Requirements 6
    Administrative Requirements 6
    Physical Security Requirements 9
    Technical Security Services 10
    Technical Security Mechanisms 11
    Electronic Signature Standards 12
Sigaba's Security Solutions 15
    Sigaba Secure Email 15
    Sigaba Secure Statements 16
    Global Authentication 16
Conclusions 17
References 18
All information in this document is subject to change without notice. This document is provided for informational purposes only and Sigaba® makes no warranties, either express or implied, in this document.
INTRODUCTION

As with all other businesses, healthcare organizations have moved, or are moving, rapidly toward transmission of information over the Internet to take advantage of the associated flexibility, speed, and inherent cost savings. However, with the benefits of electronic information transfer come the regulations and liabilities associated with privacy and unauthorized access to data, most notably in the form of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

A major component of HIPAA addresses administrative simplification of how healthcare information is handled. Specifically, HIPAA and the related proposed Standards for Security and Electronic Signatures (SES) aim to standardize how electronic patient data is accessed as well as how it is transmitted between organizations.

SES mandates requirements in five broad areas:
• Administrative Requirements - covering certification, policies, controls and auditing
• Physical Security Requirements - governing and auditing physical access to systems and media
• Technical Security Services - systems and software used to protect electronic data
• Technical Security Mechanisms - including network access controls, alarms, auditing and reporting
• Electronic Signature Standards - auditing and non-repudiation of electronic transactions

With the publication of the HIPAA Privacy Rule in the Federal Register on 28 December 2000, healthcare organizations of all sizes must move to comply with its mandates: by April 14, 2003 for large organizations and by April 14, 2004 for small organizations. Never in US history has such a sweeping set of electronic secu... facing healthcare organizations [Joseph Godert, "The Dawn of HIPAA", Health Data Management Magazine, April 2000]. Also affected are the myriad organizations outside the healthcare industry that must handle individual patient data as part of their business, including legal, financial, insurance and outsourced IT infrastructure organizations (e.g. ASPs).

Existing players in the electronic security industry are positioning their current product lines as 'HIPAA solutions', bringing to bear large-scale deployments of complex technologies such as Public Key Infrastructure (PKI). Without exception these approaches are expensive, resource intensive to install and maintain, difficult and constraining to use, and not suited for mixed communication with organizations and individuals.

For healthcare providers and insurers who need to ensure their organizations are fully HIPAA compliant, Sigaba™ offers an email security solution that ensures the security of their communication and mitigates potential legal exposure. Unlike existing products, Sigaba installs in about half a day and features simple, highly automated administration.

Sigaba's solutions are almost completely transparent to end-users and require little or no end-user training. Sigaba upholds comprehensive interoperability with its standards-based software, which works with all leading email platforms, email servers and clients, and authentication approaches and techniques, fully leveraging existing IT investments. The solutions offer complete policy control that enables system administrators to enforce security policies and provide rigorous, end-to-end security based on the Federal Advanced Encryption Standard (AES).