HIPAA & NIST 800-111
January 28, 2021
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement HIPAA requirements. The HIPAA Security Rule protects a subset of the information covered by the Privacy Rule: protected health information that is created, received, maintained, or transmitted electronically (ePHI).
The Privacy Rule standards address the use and disclosure of individuals' health information (known as "protected health information," or PHI) by entities subject to the Privacy Rule. These individuals and organizations are called "covered entities." The Privacy Rule also contains standards for individuals' rights to understand and control how their health information is used. The Privacy Rule's primary goal is to ensure that individuals' health information is adequately protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public's health and well-being. The Privacy Rule strikes a balance that permits essential data uses while preserving the privacy of people who seek care and healing.
The following types of individuals and organizations are subject to the Privacy Rule. The first three are the covered entities; business associates (vendors and contractors that create, receive, maintain, or transmit PHI on a covered entity's behalf) are not themselves covered entities, but they are bound by the same requirements through business associate agreements and are directly liable under the Security Rule:
· Healthcare providers
· Health plans
· Healthcare clearinghouses
· Business associates
HIPAA itself does not name an encryption standard; the Security Rule lists encryption as an "addressable" implementation specification. The specific references come from the HHS guidance on rendering PHI "unusable, unreadable, or indecipherable to unauthorized individuals," issued under the HITECH breach notification rule: data at rest is considered secured when encrypted consistent with NIST SP 800-111, and data in motion when encrypted consistent with NIST SP 800-52 (TLS), SP 800-77 (IPsec VPNs), or other FIPS 140-2 validated processes. Encryption that meets this guidance matters in practice because PHI secured this way is exempt from breach notification when a device or file is lost. (FIPS 140-3 has since superseded 140-2 for new validations, but the HHS guidance still cites 140-2.) For data in motion the choice is largely made for you: standards-based Transport Layer Security (TLS), configured per 800-52, covers most transfers, so organizations rarely have to decide how to implement transit security. For data at rest, 800-111 leaves organizations several options.
What is NIST 800-111?
NIST SP 800-111 is the Guide to Storage Encryption Technologies for End User Devices. It was published in November 2007 and catalogs the storage encryption options available then, grouped into three categories: full disk encryption, volume and virtual disk encryption, and file/folder encryption, along with guidance on authentication, key management, and planning a deployment. SecureCircle's Data Access Security Broker (DASB) did not exist in 2007 when NIST created the specification, but DASB has since helped numerous organizations meet their HIPAA requirements.
While meeting the requirements may not be a challenge, ensuring an organization receives value from its implementation is. All three 800-111 categories protect data against the threat the guide was written for: a lost or stolen device. Only some of them also address OS- and application-layer threats such as malware and insider misuse. Full disk encryption in particular offers no protection once the system has booted and the user has logged in, because it decrypts every block transparently for any process; file-level approaches that enforce access per user or per application are what stand between a running attacker and the data.
Some solutions offer a portable encryption format that remains readable across devices and operating systems, such as Windows and Mac, when files are shared.
SecureCircle is the only solution that allows the scope of data encryption to be customized to the customer's requirement. Customers can choose to secure specific data files only, or all data.
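What makes a file-level format portable is that everything a reader needs (salt, nonce, algorithm) travels inside the file, and that integrity is checked before any plaintext is released. The following Go program is an added example of the file/folder encryption category that 800-111 describes; it is not SecureCircle's DASB or any other product's format. The "ENC1" container layout, the PBKDF2 iteration count, and the sample record are all choices made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical container layout chosen for this example:
//   magic(4) | salt(16) | nonce(12) | AES-256-GCM ciphertext || 16-byte tag
// Every parameter a reader on another OS needs is in the header.
const (
	magic     = "ENC1"
	saltLen   = 16
	nonceLen  = 12
	keyLen    = 32     // AES-256
	kdfRounds = 100000 // PBKDF2 iterations; raise on faster hardware
)

// pbkdf2SHA256 is PBKDF2 with HMAC-SHA256 (RFC 8018), written out so the
// example needs only the standard library. Production code would use
// golang.org/x/crypto/pbkdf2 or a memory-hard KDF such as Argon2id.
func pbkdf2SHA256(pass, salt []byte, rounds, dkLen int) []byte {
	mac := hmac.New(sha256.New, pass)
	var out []byte
	for block := uint32(1); len(out) < dkLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac.Reset()
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil) // U1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for i := 1; i < rounds; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil) // U_j = PRF(P, U_{j-1})
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

func newGCM(passphrase string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, kdfRounds, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile seals plaintext into a self-describing container. The file name
// is bound as associated data, so a blob renamed to stand in for a different
// record fails authentication on open.
func EncryptFile(passphrase, name string, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	nonce := make([]byte, nonceLen) // fresh per file: never reuse a nonce under one key
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	gcm, err := newGCM(passphrase, salt)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(magic)+saltLen+nonceLen+len(plaintext)+gcm.Overhead())
	out = append(append(append(out, magic...), salt...), nonce...)
	return gcm.Seal(out, nonce, plaintext, []byte(name)), nil
}

// DecryptFile reverses EncryptFile. Any change to header, ciphertext, tag or
// file name, or a wrong passphrase, yields an error rather than garbage.
func DecryptFile(passphrase, name string, blob []byte) ([]byte, error) {
	hdrLen := len(magic) + saltLen + nonceLen
	if len(blob) < hdrLen+16 || !bytes.Equal(blob[:len(magic)], []byte(magic)) {
		return nil, errors.New("not an ENC1 container")
	}
	salt := blob[len(magic) : len(magic)+saltLen]
	nonce := blob[len(magic)+saltLen : hdrLen]
	gcm, err := newGCM(passphrase, salt)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, nonce, blob[hdrLen:], []byte(name))
	if err != nil {
		return nil, errors.New("authentication failed: wrong passphrase, wrong file name, or tampered container")
	}
	return pt, nil
}

func main() {
	record := []byte(`{"mrn":"000000","dx":"sample"}`) // constructed sample, not real PHI
	blob, err := EncryptFile("correct horse battery staple", "patient-000000.json", record)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptFile("correct horse battery staple", "patient-000000.json", blob)
	fmt.Printf("round trip: %s err=%v\n", pt, err)
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the GCM tag
	_, err = DecryptFile("correct horse battery staple", "patient-000000.json", tampered)
	fmt.Println("tampered:", err)
	_, err = DecryptFile("correct horse battery staple", "patient-999999.json", blob)
	fmt.Println("renamed:", err)
}
```

The two failure cases in main are the ones that distinguish a storage encryption product from a checkbox: an unauthenticated mode (CBC with no MAC) would return silently corrupted plaintext for the flipped bit, and without the file name as associated data a valid container could be swapped in under another patient's record. Key derivation from a passphrase is shown for self-containment; a deployment at scale would instead wrap per-file keys under keys held in a key manager or hardware module, which is the key-management guidance 800-111 spends much of its length on.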
SecureCircle is also the only fully transparent solution that provides portability. End-users use existing applications and workflows without any change. There are no additional steps to decrypt files before working with the data. Any application, any file type, and any file size is supported. Customers deploy SecureCircle quickly since no end-user training is required.
Contact SecureCircle to find out how DASB helps organizations meet compliance requirements such as HIPAA.