Of the many government and industry regulations out there, I have been hearing the most about HIPAA lately. Many of the recent discussions I’ve participated in have revolved around the strict data breach notification requirements listed in section 13402 (e)(4) of the HITECH Act. Specific to these conversations has been the safe harbor language, which provides a way to legally avoid this notification process.
The HIPAA regulations state that if there is a data breach affecting more than 500 records, then the entity must notify the individuals affected, the Department of Health and Human Services (HHS) and major media outlets. Besides the immediate monetary cost, you also must deal with the damage to the company’s reputation and the public relations costs required to remedy it. Besides your COMPANY’S reputation, you also have your OWN reputation to worry about. Will this be an unwritten entry on your resume for years to come?
Interestingly, there is a loophole that can allow you to skip the entire notification process. What is this loophole, you ask? It’s called the Safe Harbor provision and can be easily found in section 216 of the regulation. It states that if your data is encrypted using the standards set forth in the National Institute of Standards and Technology (NIST) Special Publication 800-111, then the data is considered unreadable and unusable, and therefore you are NOT required to notify anyone of the breach.
Fortunately, you don’t have to design your own encryption solution. Gazzang has taken care of that for you. Gazzang has created a high-performance, transparent encryption solution that can encrypt virtually anything running on the Linux platform, coupled with a state-of-the-art key management solution. We stringently followed the NIST guidelines when creating our enterprise-ready encryption solution. We leverage the AES encryption algorithms, which are recommended by NIST, as well as a state-of-the-art key management solution that stores the keys on a remote server either inside your firewall or in our remote, cloud-based Key Storage Server. Amazingly, system performance degradation is nearly always less than 1%, the implementation is very straightforward, and the cost is very reasonable, much less than developing your own solution from scratch.
echoBase recently released a new solution for doctors’ offices that provides physicians the new mobile platform they have been clamoring for. It provides mobile access to EMR, PM, Imaging, ePrescribe and other clinical systems. All of the patient health information is protected by Gazzang’s encryption solution.
In conclusion, the notification requirements contained in the HIPAA regulations can be costly monetarily, and can scar both the reputation of your company and your own professional reputation. If there is a way to avoid these nightmares, don’t you think it’s worth an investigation? Why don’t you contact us today at firstname.lastname@example.org, and let us show you how we can help.