US Health Insurance Portability and Accountability Act (HIPAA) | HITECH Data Security

Encryption, Key Management, and Access Controls for organizations to comply with HIPAA Privacy regulations and safeguard PHI data.

Overview

What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) sets the privacy standards for protecting sensitive patient data. As per the HIPAA regulations, healthcare organizations and companies that handle sensitive protected health information (PHI) must have certain processes and security measures in place to handle this data. HIPAA provides the necessary framework that controls who has access to and visibility into the health data and restricting the sharing of this sensitive data.

Health Information Technology for Economic and Clinical Health (HITECH) Act
HITECH Act enacted in 2009 expands the scope of HIPAA bringing business associates and partners and vendors under the scope of HIPAA and holds them liable for compliance.
HIPAA Compliance

Challenges with HIPAA compliance

Complying with HIPAA can allow organizations to save millions of dollars that can be lost due to damages and fines levied because of data breaches. With more data and workloads moving to multicloud environments, some of the challenges faced by organizations in complying with HIPAA are:

  • Access controls – Controlling access to data can be challenging depending upon where the data resides and the systems in use.
  • Data integrity - Ensuring that the data can be read, modified, and deleted only by the authorized person.
  • Data transfer - Ability to control how the data is transferred, the methods used, and the approval.

WhatWe Do?

product-benefit-image
Encryption and Key
Management
Fortanix helps enterprises secure their sensitive data and achieve privacy compliance with a cloud-based integrated solution for Tokenization, Key Management and Encryption.
product-benefit-image
Transparent database
encryption
Fortanix integrates with native database encryption to manage and store the cryptographic keys required to encrypt all your databases including Oracle, MS SQL Server, MongoDB, PostgreSQL, MySQL, Maria DB, IBM DB2, and more.
product-benefit-image
Confidential
Computing
Confidential computing protects data and applications by running them in secure enclaves that isolate the data and code to prevent unauthorized access, even when the compute infrastructure is compromised.

How Fortanix can help meet HIPAA compliance?

benefits icon
Fine-grained access controls for users and data
Only the authorized person is given access to the encryption keys of the sensitive data and only for a specified duration of the business case.
benefits icon
Tamper proof audit logging
All access to personal data is automatically logged in a centrally viewable tamper-proof global audit trail by Fortanix. There is never any dispute about who accessed which data and when.
benefits icon
Tokenize PHI data
Comply with HIPAA regulations by substituting electronically protected health information (ePHI) and non-public personal information (NPPI) using a tokenized value.
benefits icon
Cryptographically enforced policy and auditing
Fortanix manages and enforces security policies including identity verification, data access control, and attestation to ensure the integrity and confidentiality of data, code, and applications. Using these policies, businesses can implement geo-fencing, and compute affinity to support data regulation policies such as HIPAA.