HIPAA Security Standards Compliance

A recent data breach study conducted by Ponemon Institute* revealed that more than 88% of breaches reported in 2008 were due to insider negligence. Furthermore, the same study indicated that almost 44% of these breaches were caused by third parties such as contractors, consultants and business partners, a 40% increase since 2007. The study also indicated that the average cost of a health-care breach was $282.


Insider threats to privacy, whether due to gross negligence or malicious intent, are a huge concern in the healthcare industry. Recognizing these security risks early on, the Department of Health and Human Services (DHHS) proposed the HIPAA Security Rule in August of 1998 to secure Electronic Protected Healthcare Information (EPHI). The primary objective of the HIPAA Security Rule is to protect the confidentiality, integrity, and availability of EPHI when it is stored, maintained, or transmitted. The regulation applies to all health care entities that transmit any EPHI, such as health plan providers (HMOs, group health plans, etc.), health care clearinghouses (billing and repricing companies, etc.), and health care providers (doctors, dentists, hospitals, etc.). The regulation requires that all such entities be in compliance by August 2005.

The Security Rule contains three measures that must be addressed in order to protect and assure the confidentiality of electronic protected health information:

  • Administrative Safeguards: Implement and maintain policies and procedures to prevent, detect, contain and correct security violations.

  • Physical Safeguards: Implement and maintain policies and procedures to limit physical access to computer systems and their facilities, while ensuring that properly authorized access is allowed.

  • Technical Safeguards: Implement and maintain policies and procedures that protect and monitor information access and prevent unauthorized access to data transmitted over a network.

How EpiForce enables healthcare entities to achieve compliance with administrative and technical safeguards of HIPAA Security Rule

Apani EpiForce proactively eliminates vulnerabilities within the corporate network by creating an identity-aware network that isolates users and systems in logical security zones. EpiForce then strictly controls access to these zones and secures communications between them with policy-based encryption of data in motion, regardless of platform or the physical location of the systems themselves.

Designed for large mixed-platform data centers and operating at the network layer, EpiForce is transparent to applications and end users, eliminating the need for costly application revisions or end-user training associated with traditional network security solutions. And, by automatically enforcing security relationships and reporting on attempted unauthorized activity, EpiForce can reduce the overall cost of security and compliance audits.

 

* Data Breach Costs Rose Significantly In 2008

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=213000466


