HIPAA | HITECH Data Security Compliance

Comply with HIPAA and HITECH requirements provisions to encrypt electronic patient health information


The Vormetric Data Security Platform from Thales e-Security provides encryption solutions that help organizations meet the HIPAA Security Rule and HITECH compliance requirements transparently -- without changes to operational processes and the daily work of healthcare professionals.

The US Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Security Rule requires covered entities to implement technical safeguards to protect all electronic protected healthcare information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information. The HIPAA Security Rule enumerates examples of encryption methods that covered entities can employ, along with the factors to consider when implementing a HIPAA encryption strategy.

Health Information Technology for Economic and Clinical Health Act

Enacted as a part of the American Recovery and Reinvestment Act (ARRA) of 2009, the HITECH Act expands the compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records, including those by business associates, vendors and related entities.

HIPAA Omnibus Rule of 2013

The “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.

Encryption of ePHI

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption to protect ePHI from unauthorized access. Vormetric Application Encryption adds another layer of security and HIPAA/HITECH compliance capabilities, enabling organizations to easily build HIPAA/HITECH encryption capabilities into internal applications at the field and column level.

Strong Key Management

Vormetric Key Management provides the integrated, secure encryption key management that meets HIPAA requirements to separate keys and encrypted data. This solution enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates. And Thales nShield HSMs provide FIPS 140-2-certified, hardware-based protection and management of organizations' most critical keys.

Data Access Controls

Vormetric Data Security Platform access controls extend data breach protection by limiting data access to authorized personnel and programs. In addition, the Platform’s data access monitoring generates the security intelligence information required to identify accounts that represent a threat because of a malicious insider or malware-compromised account credentials.

Solution Briefs : Vormetric Transparent Encryption

Vormetric Transparent Encryption delivers data-at-rest encryption, privileged user access controls and security intelligence logs to proactively meet compliance reporting requirements for structured databases and unstructured files....


Watch our interactive demo Explore
Schedule a live demo Schedule
Get in contact with a specialist Contact us