Storage Encryption for Healthcare Organizations
Best Practice for HIPAA Compliance
Less Than Half Compliant
Healthcare organizations that are not yet up to speed with Health Insurance Portability and Accountability Act (HIPAA) regulations do not stand alone.
To date, less than half of healthcare providers are compliant with HIPAA security requirements.[1] What is more, non-compliant organizations are in danger of becoming complacent because of a recent Department of Health and Human Services policy that makes HIPAA enforcement primarily complaint-based.
HIPAA Security Breaches and Formal Complaints on the Rise
Even with only complaint-based enforcement, the healthcare industry knows that nearly one-third of its members experienced data security breaches in 2005. Roughly the same number faced Federal privacy violation complaints – the trigger for expensive legal liabilities and penalties associated with HIPAA. In fact, the FBI reports that average financial losses associated with unauthorized access to private information increased by nearly 600 percent between 2004 and 2005.[2]
As non-compliant healthcare organizations scramble to meet HIPAA requirements – while facing a backdrop of rapidly growing computer security threats – they also struggle with administrative overhead expenses that account for as much as 25 percent of healthcare costs. To maintain the bottom line and still implement HIPAA security processes, these companies must find ways to do more with less.
Encryption with “Must Have” Access and Audit Controls
HIPAA Technical Safeguards Section 164.312 points to encryption as the way to protect Personal Health Information (PHI). Encryption conceals confidential health information. Combined with stored data encryption best practices – including centralized, enterprise-class encryption key management, access and audit controls, and authentication – healthcare providers can implement overall security and privacy measures that not only protect sensitive PHI and improve the quality of care through uniform, accessible health records but also significantly reduce backend PHI data classification costs.
NeoScale Solutions – Seamless. Reliable. Secure.
NeoScale Systems, Inc., the industry leader in enterprise storage security, uniquely meets the healthcare industry’s privacy requirements with a range of storage security appliances that make network data storage unreadable to unauthorized users while making it possible to control, track, and document PHI.
With NeoScale solutions, healthcare providers can automate the encryption of PHI using centralized controls that allow for varying tiers of access. By doing so, doctors, pharmacists, insurance companies, payment processors, and others are authorized with access on a need-to-know basis so sensitive patient information is protected.
NeoScale CryptoStor® storage security appliances are purpose-built, providing ubiquitous, immediate, and transparent protection of storage data regardless of application, transport, media type, or location. This enables healthcare organizations to meet compliance regulations with the lowest operational impact and at the lowest total cost.
Protection without Crippling Complexities
Healthcare IT professionals are justifiably concerned about the complexities that encryption can impose on the storage infrastructure. NeoScale storage security appliances provide a complete storage solution that automates and simplifies the procedures required to meet HIPAA compliance regulations, including:
- Significant reduction of backend PHI data classification and management costs
- Easily deployed stored data access control and encryption, without disruption of applications or operations
- Streamlined storage security functions and offloading of security processing in a centralized, appliance platform
- Enhanced consolidation economies with strong access control
- Reasonable and accepted due diligence for HIPAA compliance
NeoScale Customers Protect PHI and Save Costs
With NeoScale solutions, top healthcare organizations can protect data according to HIPAA compliance standards – while reducing additional HIPAA data classification, management, and infrastructure costs.
As a case in point, the University of Texas Health Science Center (UT/HSC) at Houston uses NeoScale storage security solutions to operate a storage area network (SAN) infrastructure that supports health and billing applications. “Protecting PHI data for HIPAA compliance can require data classification and special network and storage provisions,” said Kevin Granhold, manager of Network Services for UT/HSC. “By encrypting the PHI data, UT/HSC can overcome some of these added costs. The NeoScale appliance selectively encrypts based on application or owner data, so we can maintain segregated data sets by associating unique keys according to the application or owner. Ultimately, since CryptoStor® is not tied to any application or platform, it should continue to provide security services as new applications are brought online or as our storage resources change.”