Encryption and Key Management for HIPAA/HITECH Requirements

Health Insurance Portability and Accountability Act (HIPAA)

Compliance with the HIPAA Security Rules and HIPAA Privacy Rules for Electronic Protected Health Information (ePHI) requires the use of many security technologies and best practices to demonstrate strong efforts towards complying with this federal regulation. The ability to effectively secure ePHI and audit IT and security operations may involve both strong encryption and real-time and historical activity logs that relate to many systems.


The Health Information Technology for Economic and Clinical Health Act (HITECH)

Enacted as part of the American Recovery and Reinvestment Act of 2009, it addresses the privacy and security concerns associated with the electronic transmission of health information.


Strong Encryption Meets HIPAA Requirements

Alliance AES encryption solutions provide strong, standards-based encryption for all Enterprise server environments. Alliance AES encryption solutions have been NIST validated and work across all of your server platforms to secure sensitive ePHI data.


Only Encryption Provides a Safe Harbor from the HITECH Act Breach Notification Requirement

While the HITECH rules provide some leeway in the decision to encrypt Protected Health Information (PHI), there is no ambiguity about breach notification. If you are not encrypting the data and you experience a breach, you MUST perform the notification steps, even if you think you have comparable controls. Only encryption methods approved by the National Institute of Standards and Technology (NIST) are accepted as adequate protection of Protected Health Information.

Alliance AES encryption implements the full NIST specification for AES encryption, including all encryption key sizes and modes of encryption. This ensures compatibility with your business applications, medical delivery devices, external suppliers, and claims management providers. It is available for all enterprise platforms, including Microsoft Windows, Linux, Unix, IBM System z and System i.


Achieve Regulatory Compliance Requirements with Certified Key Management

HIPAA/HITECH requirements state that organizations must physically separate encryption keys from the data they protect. The HITECH Act guidance refers to the NIST standards for encryption key management. The federal government requires NIST FIPS-140 certification for agencies, and strongly recommends FIPS-140 certification for private companies.

Separate your encryption keys from your protected data with an easy-to-deploy rack-mounted solution, Alliance Key Manager. Alliance Key Manager provides the secure management, storage, and distribution of encryption keys you need for protecting data in motion and data at rest. Applications on any platform (System i, System z, Windows, Linux, Unix) can securely retrieve encryption keys from Alliance Key Manager. Alliance Key Manager is FIPS-140 certified to guarantee regulatory compliance.


Implement Security Measures to Protect Health Information Transmitted Over an Electronic Communications Network

Townsend Security secure communications and web service solutions support a wide variety of secure protocols for transferring sensitive information across internal and external public networks. Townsend Security encryption solutions include support for secure transfer using SSL FTP, Secure Shell FTP (sFTP), Secure Shell Copy (sCP), HTTP and HTTPS web services, secure WebDAV, secure XML transfer, AS1/AS2/AS3 EDI over the Internet (EDI-INT), and SSL encrypted TCP sockets.


Regular Review of Security Logs Addresses HIPAA’s Audit Controls Requirement

Alliance LogAgent for IBM i collects hundreds of proprietary IBM security journal and system operator messages and transmits them to several SIEM solutions.