Fines for data breaches involving protected health information (PHI) can be as high as $1.5 million. Healthcare providers and their business associates can also face criminal and civil penalties for data breaches. New rules require mass media notification if more than 500 records are breached. Experior Data's encryption platform helps protect organizations by implementing a centrally-managed data encryption solution, which can provide a safe harbor against breach notification.
New York, NY (PRWEB) November 19, 2009 -- According to a survey conducted by the Ponemon Institute and sponsored by accounting and consulting firm Crowe Horwath, LLC, 94% of the surveyed healthcare organizations will not be ready to comply with the new breach notification rules that go into effect in February, 2010. And 57% say that they have "known deficiencies concerning privacy, security, or both".
Business associates, such as law firms, accounting firms, and various service providers of healthcare providers and payers who have access to protected health information, are also susceptible to data breaches. According to a survey by Healthcare Information and Management Systems Society (HIMSS) Analytics, a third of business associates interviewed were not even aware they needed to comply with the new privacy and security provisions in HIPAA.
It is those deficiencies that the federal government wants healthcare providers to address. The government is providing a safe harbor for those organizations that implement data encryption.
Traditionally, data encryption software has been deployed piecemeal on many computers without a centralized method of managing or logging encryption technology. Several software packages exist that offer centralized management but require a substantial investment in hardware, software (including database servers), and ongoing staff training.
Experior Data's OnDemand cloud-based encryption service, powered by software from PGP Corporation, makes it easy for organizations to manage their encryption platform centrally. The OnDemand service can protect hard drives (whole disk encryption), file shares, portable devices like USB and external hard drives, and e-mail. For a monthly fee, Experior hosts a centralized management console, licenses all the required software, and provides ongoing technical support. Client software is provided to the customer so that it can be deployed to all endpoint computer devices. Customers do not have to purchase or maintain any hardware or software.
"Experior Data's cloud-based solution strategically differs from point solutions that address one or two vulnerabilities. Rather than providing only whole disk encryption or only e-mail encryption PGP Corporation's software protects all three major areas where data lives and travels. The customer is investing in an encryption platform that addresses Data in Use, Data in Motion, and Data at Rest. And PGP Corporation offers end-to-end e-mail encryption, something that is unique in the industry", says Alexander Zaltsman, CEO of Experior Data.
"Encryption has always been thought of as a complex technology that is difficult to understand, let alone deploy across an enterprise. We are making it easy and doing all the heavy lifting for our customers", says Zaltsman.
Experior Data is a Silver Partner with PGP Corporation, a global leader in email and data encryption software for Enterprise Data Protection. PGP's software is used by more than 110,000 enterprises, businesses, and governments worldwide, including 96 percent of the Fortune® 100, 74 percent of Fortune® Global 100, 80 percent of the German DAX Index and 71 percent of the United Kingdom FTSE 100 Index.
Experior continues to provide installation, configuration, and support of on-premise encryption solutions for customers who prefer to host their own encryption infrastructure.
Why Encryption is Needed
The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA), has substantially increased the penalties for health care organizations that suffer a security breach. Health care providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) are required to notify people if a breach or unauthorized access has occurred that may result in a violation of privacy or even identity theft.
In cases where a breach affects fewer than 500 people, health care organizations must keep a log and submit it to the Department of Health and Human Services on a yearly basis. In cases where a breach affects more than 500 people, health care organizations face considerable and serious consequences. They must notify a major media outlet and the federal government, and set up a hotline.
They also face fines, in certain cases, as high as US $1.5 million per calendar year, and the possibility of criminal charges should the company or an individual be found willfully negligent. However, covered entities that secure health information through encryption or proper destruction are exempt from the notification requirements should a breach occur. Enforcement of breach notification requirements is expected to begin in February 2010, although the government reserves the right of enforcement prior to that date but no earlier than 30 days after the publication of the interim final rule in the Federal Register.
Contact Information:
You can find out more about Experior Data on their web site at experiordata.com. Call 877-4ENCRYPT (877-436-2797) or e-mail urgent -at - experiordata.com to learn more about Experior Data's product and service offerings. You may also follow Experior Data's feed on Twitter (@experiordata) to learn about the staff's immediate thoughts on relevant protected health information topics.
Experior Data is also seeking partners such as law firms, value-added resellers, and healthcare and management consultants to work together on securing protected health information.
About Experior Data Security and Encryption:
Experior Data Security and Encryption is a managed service provider and professional services firm specializing in helping customers comply with federal regulations related to health care such as the American Recovery and Reinvestment Act of 2009 (ARRA) and the Health Insurance Portability and Accountability Act (HIPAA). Experior Data differentiates itself by specializing in security and encryption of health records to ensure that health care organizations meet and/or exceed government requirements for securing protected health information.