Health Insurance Portability & Accountability Act (HIPAA) Compliance
In the U.S., covered entities (health plans, health care clearinghouses and providers that transmit health information electronically) and their business associates must comply with HIPAA's rules on protected health information. The two rules most relevant here are the Security Rule and the Breach Notification Rule. DAtAnchor is a cryptographic control that anchors data consumption within network boundaries, serving as an additional line of defense for when a breach does occur. It lets users consume data without giving them full ownership of it: the data stays encrypted, and the ability to decrypt it is tied to where and how it is being accessed. With DAtAnchor, security travels with the data.
How DAtAnchor Can Help Your Organization Become HIPAA Compliant
DAtAnchor works alongside your existing HIPAA compliance tools and communication platforms, adding protection against the human errors and external threats that those controls cannot fully prevent. It defines the boundaries and conditions under which data may be accessed, so that only the intended people obtain the information. When access is attempted outside those conditions, DAtAnchor denies it and can revoke access that was previously granted, limiting the damage a mistake or a compromised account can do.
Implementation requires a lightweight agent installed on users' devices. All other components can be hosted in the cloud and delivered as a SaaS solution, which keeps large-scale rollout simple. Data is protected by two services, the DAtAnchor Heartbeat service and the Anchor service:
The Heartbeat Service:
- Enables automated data governance by giving the client secured gateways to files held in the cloud or in a database, backed by user logs that give full visibility into data usage
- Applies context-based, dynamic access control, so that unauthorized access to data can be revoked even after a breach has occurred
- Plaintext never leaves the network boundary: outside the defined access contexts, data exists only in encrypted form
The Anchor Service:
- Automates local key management, so that keys are never handled manually and the encryption is not undermined by key-handling mistakes
- Secures all types of sensitive data by anchoring the attacker inside the network: data can only be unlocked from within the defined boundary, so an attacker has to operate inside it, where they can be detected
- Identifies unusual activity and throttles data access (the rate at which keys are released) to limit data loss before it grows
What Components Make Up HIPAA & How Can Lack Of Compliance Impact an
The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of electronic protected health information (ePHI). The Breach Notification Rule requires entities to notify affected individuals and HHS (and, for large breaches, the media) following a breach of unsecured PHI, that is, PHI that has not been rendered unusable, unreadable or indecipherable to unauthorized persons, for example by encryption that meets HHS guidance. Notification is required even if the lost data was being consumed by third parties at the time. Civil penalties range from $100 to $50,000 per violation (or per record), with a maximum of $1.5 million per year for each provision violated. Penalties are highest where the violation is shown to be willful (for example, deliberate misuse by an insider).
The Great Importance of Deeper HIPAA Protection in Today's Cybersecurity
Companies in the healthcare industry are suffering data breaches at an increasing rate, and almost all of these breaches lead to major loss of data, costly penalties and damage to reputation. Breaches will happen: attackers keep getting more capable and do not work within the confines of baseline HIPAA controls. Entities need to be prepared to manage breaches and limit the associated data loss. Existing solutions are not robust enough to manage these risks while also tracking, controlling and fully revoking unauthorized data access, and as a result many organizations fall short of HIPAA compliance. Within the past two years, more than 400 breaches each affecting more than 500 patients have been reported to, and are under investigation by, the HHS Office for Civil Rights (OCR).
DAtAnchor Provides Solutions to Many Aspects of HIPAA Compliance:
- Access to sensitive files can be revoked, even after a breach has occurred. Because the lost data remains encrypted and the keys stay under the provider's control, the provider can show that the breach did not expose unsecured PHI, and under the Breach Notification Rule no notification is required. The caveat in HHS guidance applies: this holds only if the decryption keys were not compromised along with the data, which is why keeping keys off the compromised endpoint matters.
- Consumption of data is limited to predefined location contexts. Defining such contexts creates secure gateways between electronic processing systems, so providers can move data between data closets over a secure and dynamically configurable infrastructure.
- Data access flow is controlled to keep the attacker within the network boundary, where their activity can be detected. Per-record penalties scale with the volume of data lost, and breaches affecting fewer than 500 individuals are reported to HHS annually rather than posted on the public HHS breach portal. DAtAnchor reduces the number of records an attacker can unlock by multiple orders of magnitude through its key-unlock throttling mechanism.
- Extensive user and data activity logs enable granular monitoring for audit purposes. This helps providers meet the Breach Notification Rule's deadline of notification without unreasonable delay and no later than 60 days after discovery, and gives them access logs to hand to HHS and OCR on request.
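To make the mechanism described in the Heartbeat and Anchor service lists above and in the points in this list concrete, here is an added illustrative model in Python. It is not DAtAnchor's code and does not describe its internals; the KeyService class, the heartbeat and throttle parameters, the 10.0.0.0/8 network, the user alice and the sample record are all constructed for the example, and the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM. The model shows the properties the page claims: a file is encrypted on the device with a per-file key that is held only by the key service; the key is released only to a user whose agent has reported a fresh heartbeat from an allowed network; key releases are rate-limited per user, so a bulk read stops after a few records; a revoked user gets nothing even from inside the network; and every decision is logged.

```python
import hashlib
import hmac
import ipaddress
import os
from collections import defaultdict, deque

class AccessDenied(Exception):
    pass

# Toy AEAD (HMAC-SHA256 counter-mode keystream + HMAC tag) standing in for AES-GCM.
def _ctr_xor(key, nonce, data):
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, b"enc" + nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def encrypt_blob(key, plaintext):
    nonce = os.urandom(16)
    ct = _ctr_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def decrypt_blob(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return _ctr_xor(key, nonce, ct)

class KeyService:
    """Hypothetical anchor service: holds per-file keys, releases them only under policy."""
    def __init__(self, keys, allowed_networks, heartbeat_ttl, max_unlocks, window, clock):
        self._keys = dict(keys)             # file_id -> data key; never stored beside the blob
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.heartbeat_ttl, self.max_unlocks = heartbeat_ttl, max_unlocks
        self.window, self.clock = window, clock
        self._heartbeats = {}               # user -> (timestamp, source ip) reported by the agent
        self._unlocks = defaultdict(deque)  # user -> grant timestamps inside the throttle window
        self._revoked = set()
        self.audit = []                     # (time, user, file_id, "GRANT"|"DENY", reason)

    def heartbeat(self, user, source_ip):
        self._heartbeats[user] = (self.clock(), ipaddress.ip_address(source_ip))

    def revoke(self, user):
        self._revoked.add(user)

    def unlock(self, user, file_id):
        now = self.clock()
        try:
            if user in self._revoked:
                raise AccessDenied("user revoked")
            hb = self._heartbeats.get(user)
            if hb is None or now - hb[0] > self.heartbeat_ttl:
                raise AccessDenied("no fresh heartbeat")
            if not any(hb[1] in net for net in self.allowed):
                raise AccessDenied(f"outside anchored network: {hb[1]}")
            if file_id not in self._keys:
                raise AccessDenied("unknown file")
            recent = self._unlocks[user]
            while recent and now - recent[0] > self.window:   # slide the window
                recent.popleft()
            if len(recent) >= self.max_unlocks:
                raise AccessDenied("unlock rate exceeded")
            recent.append(now)
            self.audit.append((now, user, file_id, "GRANT", ""))
            return self._keys[file_id]
        except AccessDenied as exc:
            self.audit.append((now, user, file_id, "DENY", str(exc)))
            raise

def _raises(exc, fn):
    try:
        fn()
    except exc:
        return True
    return False

def demo():
    # One constructed scenario on a hand-advanced clock; returns each step's outcome.
    clock = [0.0]
    file_key = os.urandom(32)
    ks = KeyService({"rec-000123": file_key}, ["10.0.0.0/8"], heartbeat_ttl=30,
                    max_unlocks=3, window=60, clock=lambda: clock[0])
    record = b"MRN 000123 | constructed sample, not real PHI"
    blob = encrypt_blob(file_key, record)          # the agent encrypts locally; only the key is anchored
    unlock = lambda: ks.unlock("alice", "rec-000123")
    r = {}
    ks.heartbeat("alice", "10.1.2.3")              # agent reports: inside the clinic network
    r["inside"] = decrypt_blob(unlock(), blob) == record
    ks.heartbeat("alice", "203.0.113.5")           # blob copied to a laptop on home wifi
    r["outside"] = _raises(AccessDenied, unlock)
    clock[0] += 61                                 # no heartbeat for over a minute: agent gone or offline
    r["stale"] = _raises(AccessDenied, unlock)
    ks.heartbeat("alice", "10.1.2.3")              # back inside, and now bulk-reading records
    r["bulk_grants"] = sum(not _raises(AccessDenied, unlock) for _ in range(4))
    ks.revoke("alice")                             # incident responder pulls access
    r["revoked"] = _raises(AccessDenied, unlock)
    r["blob_without_key"] = _raises(ValueError, lambda: decrypt_blob(os.urandom(32), blob))
    r["audit"] = [e[3] for e in ks.audit]
    return r
```

Running demo() returns the outcome of each step; the audit trail ends up as GRANT, DENY, DENY, GRANT, GRANT, GRANT, DENY, DENY, and the fourth bulk read is the one the throttle stops. Two caveats a practitioner should keep in mind: the heartbeat's source address is what anchors the decision, so a real service must take it from the authenticated connection rather than from a client-supplied field, and the "secure breach" argument only holds while the key service itself is not compromised, which is why the keys are kept off the endpoint that holds the blobs.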