HIPAA and HITECH
The Health Insurance Portability and Accountability Act (HIPAA), together with the Health Information Technology for Economic and Clinical Health (HITECH) Act, sets information security standards for health care providers, health plans, and other companies that create or process health care data.
First introduced in 1996, HIPAA sets standards for the confidentiality of Protected Health Information (PHI). Protected information includes any data that can be used to identify an individual and relates to an individual's health condition, health care, or payment for health care. Organizations covered by HIPAA are required to encrypt PHI at rest and when the data is transmitted over external networks.
The HITECH Act of 2009 strengthened HIPAA's data protection mandates by increasing the fines organizations face for failures to comply with HIPAA, and by requiring covered entities to notify regulators, individuals, and the media in the event of a security breach involving PHI. The HITECH Act also extended HIPAA requirements to business associates of health care providers and other covered entities.
Meet HIPAA and HITECH Requirements with Smartcrypt
PKWARE’s Smartcrypt platform allows organizations to protect individuals' health information at rest and in transit, while maintaining complete control over who can decrypt and access the data.
Smartcrypt applies persistent data-level protection, using strong encryption that meets FIPS 140-2 standards for secure cryptography. Encrypted information remains unreadable by unauthorized users, even in the event of a security breach. With Smartcrypt, even the most sensitive information can be sent via open, public networks without additional layers of protection. This helps ensure compliance on the part of business associates (who transmit or access sensitive information) and vendors who have contracts with entities covered by HIPAA and HITECH.
Encrypting PHI with Smartcrypt can eliminate the negative effects of a security breach and exempt a covered entity from HITECH's data breach requirements. When encrypted data is stolen or misdirected, it remains inaccessible to unauthorized parties, so the breach is not considered a reportable event under HIPAA or HITECH.
The Centers for Medicare and Medicaid Services (CMS), the agency responsible for enforcing HIPAA requirements, uses PKWARE’s smart encryption software to meet its own compliance requirements. CMS also uses the encryption solution to securely exchange sensitive information with hundreds of external partners, including other government agencies, research labs, universities, and large corporations.
PKWARE’s innovative Smartkey technology automatically generates, synchronizes, and exchanges encryption keys according to your organization’s security policies, making the process automatic for end users. Smartkeys can be managed using Smartcrypt’s administration console and can be stored on third-party dedicated key management appliances.