HIPAA HITECH Data Loss Prevention Solution - GTB Technologies, PCI, Sarbanes Oxley, OFAC, Data Leak Prevention, Virtual ZERO FALSE POSITIVE RATE, Virtual ZERO FALSE NEGATIVE RATE; Information Risk; Privacy Compliance: IT Compliance, Data Loss Prevention, Discovery

HIPAA & HITECH ACT COMPLIANCE

What is HIPAA & and the HITECH Act?

On August 21, 1996, HIPAA was created as an amendment to the Internal Revenue Service Code of 1986. HIPAA stands for Health Insurance Portability & Accountability Act, and is also known as the Kennedy-Kassebaum Act. The purpose of HIPAA is to standardize electronic patient health administrative and financial data, ensure unique health identifiers for individuals, employers, health plans and health care providers, and to guarantee security standards that protect the confidentiality and integrity of individually identifiable health information, past, present or future.

HIPAA mandates vast changes in the manner in which healthcare organizations protect customers Protected Health Information (PHI). HIPAA requires healthcare organizations to protect the confidentiality and security of health data by setting and enforcing standards, and to improve the efficiency in healthcare delivery by standardizing electronic data interchange.

The HITECH Act, devised by Congress primarily to address electronic medical records, is being noted for its impact in adding a tough data-breach notification requirement to the long list of existing Health Information Portability and Accountability Act (HIPAA) requirements.

Like HIPAA, the HITECH Act covers healthcare providers, insurers, clearinghouses and also business associates handling personal information about patient health, as well as other protected information, including name, Social Security number, address and insurance account numbers.

Basic rules on HIPAA compliance:

Organizational awareness of HIPAA must be developed
Comprehensive assessments of the organization's privacy practices, information security systems and procedures, and use of electronic transactions must be done
A HIPAA compliance action plan for each rule must be developed, including:
I. Developing new policies, processes, and procedures to ensure privacy, security and patients' rights
II. Building business associate agreements with business partners to support HIPAA objectives
III. Implementing a secure technical and physical information infrastructure
IV. Updating information systems to safeguard protected health information (PHI) and enable use of standard claims and related transactions
V. Training of all workforce members
VI. Developing and maintaining an internal privacy and security management and enforcement infrastructure, including providing a Privacy Officer and a Security Officer

GTB Technologies' HIPAA & HITECH ACT compliance solution:

GTB's rule manager contains a pre-defined HIPAA compliance rule, which defines HIPAA secure data as anything containing Protected Health Information (PHI)
Protected Health Information (PHI) stored within the network and endpoint devices are discovered, exposed and protected
All outbound traffic across all network protocols is monitored for secure Protected Health Information (PHI) , with nearly 100% detection ratio and zero false positives
HIPAA Data is prevented from being saved on removable media devices, such as: USB, CD/DVD or iPods
GTB provides detailed HIPAA reporting and role-based options that support auditing requirements

Should Your Organization be concerned about HIPAA Compliance?
Virtually all healthcare organizations are governed by HIPAA compliance, including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-ensured employers - as well as life insurers, information systems vendors, various service organizations, and universities. Those not compliant with HIPAA face fines up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information and fines up to $25K for multiple violations of the same standard in a calendar year.