Boldon James Classifier supports compliance with the Health Insurance Portability and Accountability Act (HIPAA) by allowing users to identify valuable data with classification labels or tags, enabling decisions to be made about how data is stored and transmitted. The organisation’s investment in and application of such a system may itself constitute a ‘reasonable measures’ defence to the legal charge of HIPAA contravention.
Boldon James Data Classification products support HIPAA compliance by:
- Ensuring appropriate control of confidential or sensitive information
- Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements
- Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information
- Educating users about the sensitivity of data whilst ensuring adherence to corporate policy
- Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management
- Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements
The US Health Insurance Portability and Accountability Act
The US Health Insurance Portability and Accountability Act (HIPAA) is intended to improve the efficiency of the U.S. health care system by encouraging the widespread use of electronic data. The standards provided by the Act address the security and privacy of healthcare data and the protection of Personally Identifiable Information (PII).
HIPAA legislation requires Health Care providers, Health Plans, Health Care Clearinghouses, and those who carry out tasks on their behalf to handle personal healthcare data responsibly and securely.
While financial penalties for violating HIPAA rules came into force in 2006, they are no longer the sole means of enforcement. Since September 2009, data breaches involving the health information of more than 500 people are required to be reported promptly to the U.S. Department of Health and Human Services (HHS), major media outlets, and each individual affected by the breach.
Breaches affecting fewer than 500 people are treated more leniently but must still be reported annually to the HHS secretary and the individuals involved.
The Act sets a national standard for the security of electronic Protected Health Information (ePHI) for all healthcare providers and supporting organisations. It also mandates that breaches of unsecured protected health information are reported. In summary, here are the requirements for HIPAA compliance relating to electronic data:
- Technical safeguards require access control so that only authorised users can access electronic protected health data.
- Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed.
- Network, or transmission, security. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.
Keeping you Secure, Compliant and in Control
Boldon James is a data classification and secure messaging specialist, delivering globally-recognised innovation, service excellence and technology solutions that work.
With unrivalled customer service and best-of-breed data protection and governance solutions, we are helping many of the world’s most successful organisations take control of their business data.
Every day, our customers enjoy more effective, secure and streamlined operations, protecting their business critical information and reducing risk.
We integrate with powerful data security and governance ecosystems.
We protect business critical data, improve data control and reduce risk.
We deliver improved and streamlined business performance.
We are a “safe pair of hands” that constantly deliver success.