Health Insurance Portability & Accountability Act (HIPAA)
Discover, protect and securely erase patient data – meeting HIPAA's safeguards for ePHI throughout its lifecycle.
Meet HIPAA’s Data Protection Requirements with Jetico’s Solutions
Want to know what’s happening in real time? There are almost 2 HIPAA breaches every single day. View all reported incidents from the U.S. HHS/OCR Breach Portal.
The Health Insurance Portability and Accountability Act (HIPAA) establishes rules for safeguarding the privacy and security of protected health information (PHI) and electronic protected health information (ePHI). For healthcare providers, health plans and their business associates, complying with HIPAA is both a legal obligation and a cornerstone of ethical patient care.
Before patient data can be protected or erased, it must first be located. A practical HIPAA strategy spans the data lifecycle: data discovery, encryption, access control and secure data wiping.
HIPAA Encryption
- Encryption is specifically addressed in HIPAA:
§ 164.312(a)(2)(iv) – Access Control
Requires the implementation of a mechanism to encrypt and decrypt ePHI when considered appropriate.
§ 164.312(e)(2)(ii) – Transmission Security
Requires the implementation of a mechanism to encrypt ePHI when considered appropriate. This guards against unauthorized access during transmission over electronic communications networks. - To help your organization with HIPAA compliance, we offer BestCrypt Container Encryption to safeguard files and folders and BestCrypt Volume Encryption to protect entire hard drives.
HIPAA Access Control
- The HIPAA Security Rule’s technical safeguards open with a dedicated Access Control standard. § 164.312(a)(1) requires technical policies and procedures that allow access to ePHI only to the persons or software programs that have been granted access rights.
- Controlling which users, applications and processes can reach ePHI supports this standard and the Information Access Management requirements in § 164.308(a)(4). Unauthorized access remains a frequent factor in reportable HIPAA breaches.
- To help your organization with HIPAA, we offer BestCrypt Data Shelter for policy-based access control across endpoints.
HIPAA Data Wiping
- HIPAA mandates that covered entities establish policies for the secure disposal of protected health information. This applies to both paper and electronic records (ePHI). For ePHI, disposal must guarantee that the information cannot be reconstructed or accessed. Techniques like data wiping align with these requirements.
- Media can be sanitized following NIST Guidelines for Media Sanitization, which outline three methods for data destruction: Clear, Purge and Destroy.
- To help your organization with HIPAA, we offer BCWipe to wipe selected files and folders and BCWipe Total WipeOut to erase entire hard drives.
Map & Classify Sensitive Health Data Before You Secure It
Compliant with Leading Data Erasure & Security Standards
With Jetico, You Can
Jetico helps you discover where ePHI resides, protect it while it’s needed and securely erase it when records are no longer required – supporting every stage of the data lifecycle HIPAA expects you to control.
Need Help with HIPAA?
Our data protection specialists are here for you.
About HIPAA Compliance
Few institutions need to be as protective of personal data as healthcare. Introduced in 1996, the Health Insurance Portability and Accountability Act (HIPAA) sets strict standards for safeguarding electronic protected health information (ePHI). The regulation requires organizations to take steps to maintain data privacy and security across access, transmission and disposal processes.
HIPAA’s enforcement and breach notification requirements were significantly strengthened by the HITECH Act of 2009, which also made Business Associates directly accountable for HIPAA violations.
Similar regulations, such as the General Data Protection Regulation (GDPR) in Europe and PIPEDA in Canada, also enforce data protection standards within the healthcare industry, emphasizing the global need for stringent cybersecurity measures.
News & Blogs
Stay updated with the latest news, insights, trends and expert tips on data protection and cybersecurity.
Check back here regularly for news and blogs