HITECH

February 19, 2010

3 days ‘til HITECH penalties enforced

Kyle Parris
Director of Product Management
nuBridges

That’s right. February 22, 2010 is the date when monetary penalties can be imposed if unsecured Protected Health Information (PHI) is breached. Under the Health Information Technology for Clinical and Economic Health (HITECH) Act, PHI in the form of electronic data is considered unsecured unless it is encrypted or destroyed.

NIST-compliant encryption is mandated by the act’s related Health and Human Services (HHS) breach notification regulations. If your health care organization doesn’t encrypt PHI today, is it on your “to do” list?

It’s never too late to avoid the prospect of hefty sanctions. I’d like to recommend a white paper that nuBridges recently published http://nubridges.com/resource-center/whitepapers/best-practices-enterprise-mft/ to help you analyze the different managed file transfers that are available to securely and reliably transmit electronic PHI. 

To your health,

Kyle

Posted at 04:44 PM in HITECH | | Comments (0) | TrackBack (0)

Technorati Tags: , , ,

| |

January 26, 2010

HITECH Act Enforcement and Heightened Regulation Begins February 18th

Kyle Parris
Director of Product Management
nuBridges

By extending HIPAA (Health Insurance Portability and Accountability Act) rules for secure transfer of protected health information (PHI), the 2009 HITECH ( Health Information Technology for Economic and Clinical Health) Act mandates that health care providers enforce encryption and audit controls over all business processes involved with data transfers. The provisions with the most significant impact for health care organizations are the mandatory breach notification requirements, combined with a new, punitive enforcement scheme. The risks for penalties, fines, brand damage and loss of business are great. So, what does that mean when it comes to the risk to your health care organization? It means that your organization can be heavily fined for data breaches. And you, your employees and business partners are even subject to criminal penalties. 

What’s your best option for ensuring that you, your employees and business associates are in compliance with the spirit and letter of HITECH? The simple answer is secure all PHI according to HHS (Health and Human Services) guidelines. Make certain that all electronic PHI is encrypted. For PHI that is in transit within or outside your organization that means employing a Managed File Transfer solution that meets best practices for data encryption

Are you ready for February 18th?

Until next time,
Kyle

Posted at 01:52 PM in HITECH, Managed File Transfer, nuBridges | | Comments (2) | TrackBack (0)

Technorati Tags: , , , ,

| |

January 20, 2010

Conundrum – My company wants me to share more data and at the same time secure more data!

Gary Palgon
Vice President, Product Management
nuBridges

CIOs everywhere are being told by the business that they need to share more data, both internally and with business partners.  And then they are being told to secure more data to limit its use to only authorized users. 

Retailers, like many other industries, have been battling this during the past few years as they strive to comply with the PCI Data Security Standard to protect credit card information but the battle is only getting more complex.  Key to many organizations is their customer information, often part of loyalty and/or credit programs which require them to store for future use information considered to be personally identifiable information or PII

In a recent article by Walt Conway about what he heard at last week’s National Retail Federation (NRF) conference, he noted “While in New York, I heard a lot of CIOs talk about balancing the pressure to open systems and databases to more internal users with the need to protect the data. This balancing act will get more interesting as the volume of customer data expands.”  This is exactly the dilemma I hear all of the time.

And while that’s from a retail perspective, it’s no different in Healthcare.  Look at the US Health Information Technology for Economic and Clinical Health Act (HITECH) which as part of the American Recovery and Reinvestment Act (ARRA) has a goal to implement electronic medical records (EMR), secure protected health information (PHI) and share patient data security through out the ‘medical supply chain’.  Once again, the theme mirrors that above, share the electronic data but also secure it.

There are no silver bullet answers here, but it is important to take a strategic look at how PCI, PII and PHI is created, used, shared, archived and destroyed in order to properly ensure it is only used by authorized individuals, secure at all times and destroyed when it is no longer needed. 

What are the challenges related to locking down data and sharing more data in your organization?

Until next time,

Gary


PS...Later this week, nuBridges is releasing a new White Paper, "The Power of Integrated Protection."    This White Paper explores the emerging issues that are driving enterprises to seek an enterprise-class encryption, tokenization, key management and compliance solution to protect sensitive PCI, PII and PHI data.   I am offering early access to my loyal blog readers.  Click here to download the new White Paper, "The Power of Integrated Protection."   

Posted at 08:34 AM in Data security, HITECH, PCI DSS, PII, retail | | Comments (0) | TrackBack (0)

Technorati Tags: , , , ,

| |

Recent Posts

Recent Comments

Categories

Archives

More...

Subscribe to this blog's feed

About

nuBridges Web sites

Twitter Updates

    follow me on Twitter