HIPAA Compliance can be simpler
HIPAA compliance | Protecting the Privacy of ePHI – effective user data backup
For an introduction to HIPAA read our comprehensive blog on HIPAA compliance
In order to prevent unauthorised access to private information, Health Care institutions need a reliable endpoint data backup software security solution. This not only protects confidential business data, but also protects patient healthcare records and staff personal data. This should not only be a HIPAA compliance consideration, it should be a moral obligation for all organisations in this industry.
Data that isn’t effectively protected is left vulnerable to data breaches and data loss, negating any attempts at data privacy and resulting in HIPAA non-compliance.
Loss of user data is a pervasive security problem among global companies, according to a survey released by Ponemon Institute and Vontu, a San Francisco-based provider of data loss prevention products.
According to the survey, which queried nearly 500 information security professionals, eighty-one percent of companies reported the loss of one or more laptops containing sensitive information during the past 12 months.
Lost data can result in:
- Access to confidential PHI by unauthorised parties
- Reputational damage
- Compliance consequences
- Legal action
The kind of user data protection solutions required to protect health care data in the modern, mobile world are endpoint device focused – developed ‘from the ground up’ to provide IT with a simple, reliable and rapid response tool to secure, back up and recover data from laptops, desktops and other devices, making HIPAA compliance simpler.
The results of our 2010 Data Loss survey support this with nearly half (46%) of respondents relying on a data backup policy (instructing users to backup to a server or external device) for endpoint user data protection.
However, the failure of users to follow company policy was also highlighted as the main cause of data loss.
Even more disturbing was that 68% of respondents were unsure if their company would be able to recover user data in the case of data loss.
In compliance with the Privacy Rule, it is paramount for Health Care companies to have an extremely secure data backup solution that protects endpoint data.
Because HIPAA compliance requires you to establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information, you will need an effective endpoint data backup solution.
- Backups and restores should be fully-automated. This eliminates the need for manual data handling.
- The service should be easy to use, without adding to the workload of your current staff.
- The backup process should take place throughout the day, without interrupting your operations. Ideally, continuous data protection should be available.
Ensuring HIPAA Compliance with an effective user data backup solution
Central control over data backup policies
Central control over data backups and data backup policies not only ensures that PHI is securely backed up, it increases endpoint security and disaster recovery preparedness and decreases the risk of unauthorised access to confidential information.
In order to enforce a data backup policy and effectively protect PHI, IT needs to have a complete oversight over the endpoint data backup environment.
This central control over data backups ensures that user data is secure and available for recovery in the event of data loss.
Cibecs gives IT central control over endpoint business data by providing the ability to:
- Centrally deploy the User Agent software, automating installation and ensuring user adoption
- Centrally define policies over what data needs to be backed up, from which users, and when
- Pinpoint potential data loss risk areas quickly and act on them
- Manage backups centrally and report on protection ratings and areas of concern
- Prove compliance and the efficiency of Disaster Recovery Planning with intuitive data reports
- Automate the backup process, further ensuring that user data is backed up and secure
With Cibecs, the organization has full control over endpoint data backup selection, quotas, schedule options and settings.
Local Disc Encryption: Products like Safeboot, PGP and open source options like TrueCrypt encrypt the data on an individual’s notebook or desktop, in addition to the data being backed up and encrypted by an effective data backup and recovery software solution.
Backup encryption: The backup and recovery solution you use should automatically encrypt your data. This is an especially important feature when it comes to Security Rule compliance. Anyone with IT access can usually access data stored on the server, which is why encryption of user data (and ePHI) is vital in preserving data integrity and ensuring adherence to HIPAA.
Cibecs is a certified Cryptography Service Provider
With Cibecs, the backup data for each user is encrypted using 448-bit Blowfish (CBC mode) before being transmitted to the server.
All communication between the User Agent and Continuity Server is encrypted through a secure SSL connection. The backup and restore data is also in an encrypted state while being transmitted, therefore providing increased data security.
Effective encryption aids in ensuring that confidential patient information can’t be accessed by unauthorised parties.
Centralized & granular data access control
Central control over user data backups is a paramount foundational consideration when addressing HIPAA and the Security Rule. However, once the data is backed up and secure, controlling access to this data is an equally important measure and necessity in ensuring Administrative Simplification compliance.
Policy should limit access to confidential ePHI data based on business roles.
Cibecs ensures central control over endpoint user data with controlled and customisable access to confidential data. With Cibecs, an encryption key is uniquely generated per user to ensure that access to data remains on a ‘per user’ level.
Accessing a user’s data requires that user’s uniquely generated encryption key to be entered. This key is safeguarded in the Encryption Key Safe, which holds each user’s unique encryption key in case the user requires access to their data.
Cibecs provides the ability for authorized personnel to be granted ‘Security Officer’ rights over encryption keys enabling them to retrieve keys when required. This ensures granular access to confidential information and central control over who can view data.
The ability to track data changes
The ability to track changes made to data and to restore previous versions of data is a paramount feature for HIPAA compliance and avoiding penalties.
In one recent example, a health care insurance institution suspected unauthorised access to their records, where changes had been made to patient details. Unfortunately, as they couldn’t restore previous versions of their data, they could not legally prove their case or correct the changes made. The case resulted in the organization incurring hefty financial penalties and losing clients.
A backup solution that provides previous versions of files to be restored removes this risk, improves HIPAA compliance and provides an audit trail for any data changes made.
Cibecs allows authorised access to previously backed up versions of user documents through file versioning, giving organizations the ability to restore older versions of files as well as track and monitor data changes. This is a huge security advantage for enterprises in instances such as:
- Avoiding financial penalties during compliance review
- Proving legal disputes
- Monitoring and validating a data security breach
With access to this information, enterprises have greater control over data, and security risks are substantially reduced as past versions of user files can be easily restored.
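The following is an added illustration, not Cibecs code, of the change-tracking model described above: every backed-up change to a file becomes a new version with a content hash, an append-only audit log records who backed up what and when, an earlier version can be restored after an integrity check, and the bytes currently on an endpoint can be compared against any stored version. The file path, record contents and user name are constructed for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Version:
    seq: int             # 1-based version number of this file
    sha256: str          # content hash: detects changes, verifies restores
    backed_up_at: float  # Unix time of the backup run
    content: bytes       # stored bytes (a real store would keep these encrypted at rest)

class VersionedBackupStore:
    """Hypothetical store (not Cibecs code): every change to a file becomes a new
    version, an append-only audit log records who backed up what, and any earlier
    version can be restored."""

    def __init__(self):
        self._history = {}   # path -> list of Version
        self.audit_log = []  # one entry per stored version, never rewritten

    def backup(self, path, content, user, when):
        digest = hashlib.sha256(content).hexdigest()
        versions = self._history.setdefault(path, [])
        if versions and versions[-1].sha256 == digest:
            return versions[-1]  # unchanged since the last run: store nothing
        v = Version(len(versions) + 1, digest, when, bytes(content))
        versions.append(v)
        self.audit_log.append({"path": path, "seq": v.seq, "sha256": digest,
                               "user": user, "at": when})
        return v

    def list_versions(self, path):
        return [(v.seq, v.sha256, v.backed_up_at) for v in self._history.get(path, [])]

    def restore(self, path, seq=None):
        v = self._history[path][-1 if seq is None else seq - 1]
        if hashlib.sha256(v.content).hexdigest() != v.sha256:  # verify before handing back
            raise RuntimeError(f"{path} v{v.seq}: stored copy failed integrity check")
        return v.content

    def differs_from_backup(self, path, current, seq=None):
        """True if the bytes now on the endpoint differ from backed-up version `seq`."""
        v = self._history[path][-1 if seq is None else seq - 1]
        return hashlib.sha256(current).hexdigest() != v.sha256

def tamper_scenario():
    """Constructed example: a patient record is backed up, then altered on the endpoint."""
    store, path = VersionedBackupStore(), "records/1001.txt"
    store.backup(path, b"patient_id=1001;allergy=penicillin", user="nurse1", when=1.0)
    store.backup(path, b"patient_id=1001;allergy=none", user="nurse1", when=2.0)
    return store, path
```

With the scenario above, the audit log shows two versions for the record, `differs_from_backup` against version 1 flags the altered field, and `restore(path, 1)` returns the record as it was before the change.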
Safe, Fast & simple data recovery
A safe and reliable data recovery tool is vital for HIPAA compliance. Organizations need to be able to restore data as quickly and simply as possible after data loss for effective Disaster Recovery planning and in order to prevent user downtime.
Secure data restores are also vital for data migration during projects such as OS or hardware migration. With over 60% of data migration projects failing, Covered Entities and their Business Associates need a solution that not only simplifies data migration, but ensures that data integrity isn’t compromised during such projects.
It is also imperative that data recovery is limited to authorised parties and the data restore process is secure and compliant.
If a user laptop or desktop is stolen, products like Net Trace also allow for asset tracking and remote deletion of the information, but then the data on the device is lost forever. If your endpoint business data is backed up, you can go ahead and destroy the data on the user’s machine in the knowledge that the business data is accessible and can be restored.
Cibecs ensures simple, fast and safe data recovery with:
- Fast, wizard-driven restores
- Unattended data restore
- File versioning, to recover previous versions of data
- Ability to restore data to original location on new machine or Operating System
Protecting data from unauthorized recovery, ensuring data integrity & preventing data loss during migration
Weekly reporting on data backups and the security of user data provides an audit trail and makes proof of compliance significantly easier. These reports also ensure that the organization is aware of any potential data loss risks and can address such threats accordingly, adhering to compliance regulations.
Cibecs will simplify & ensure HIPAA compliance
Cibecs provides simplified technical & business reporting on data backup efficacy. The Control Center includes views and reports to provide administrators with detailed information on the effectiveness of Cibecs backups.
The system summary report provides a single-page management report that includes backup statistics that can be used for HIPAA compliance measurement.
The Control Center also includes a dashboard that provides a summary of the Continuity Server’s overall protection status as well as the group and user protection status according to categories. This provides easy compliance proof during a review.
Daily or weekly reports can be configured for delivery via email to provide both a business and a technical information update on the effectiveness of Cibecs.
Tangible business & operational benefits
HIPAA compliance can and must be achieved through finding the appropriate data security solutions, implementing a secure disaster recovery strategy and creating a solid and comprehensive data security ecosystem.
However, an endpoint data backup solution can also offer significant operational efficiencies, providing tangible business value while assisting with HIPAA compliance.
These benefits include:
- Faster and less resource-intensive PC refresh projects
- Easier OS migration
- Reduced bandwidth & storage requirements
- Decreased user downtime & wasted IT resources
“Cibecs has enabled our enterprise to comply with international medical data security protocols, while reducing the system administration overhead, enabling our ICT Department to operate more effectively. I’m proud to say that thanks to Cibecs we have recovered every “bit” of lost data since we started using their software two years ago.”
– Gregory Alexander, Perinatal HIV Research Unit
With Cibecs, HIPAA compliance is drastically simpler. Cibecs ensures complete control over business data – simplifying enterprise data backup and recovery – while offering tangible business benefits.