This post was originally published here by Jacob Serpa.
The Health Insurance Portability and Accountability Act, or HIPAA, is a U.S. law critical for healthcare organizations. The law aims to safeguard protected health information, or PHI, which is any data that uniquely identifies an individual. PHI can take the form of social security numbers, medical record numbers, license plate numbers, and more. It must be protected by virtually any entity that handles it in relation to healthcare.
A cloud access security broker (CASB) is the perfect tool for reaching regulatory compliance. Bitglass recently released a report explaining how organizations can use its CASB solution to meet the demands of HIPAA. Below are some key points from the report:
Security Rule – Administrative Safeguards
The administrative safeguards of HIPAA’s security rule require organizations to do things like perform risk analysis and prevent terminated employees from accessing sensitive data. Bitglass can help with the former through its discovery tool that detects and ranks risky data outflows, while the latter can be ensured through real-time access controls.
Breach Notifications
Under HIPAA, any organization that experiences a breach of PHI must file a report detailing things like how much PHI was compromised, who was involved, and steps taken to reduce the breach’s impact on PHI. Bitglass can help with identifying and detailing breaches through its activity logs that specify user, data, and application activity. Harm to sensitive data can be mitigated through DLP capabilities like redaction. It is important to note that a report doesn’t need to be filed if compromised data is in an unusable and indecipherable state via encryption.
Security Rule – Technical Safeguards
The technical safeguards demanded by HIPAA’s security rule include things like authenticating users and ensuring data integrity during transmission. Bitglass can integrate with existing SSO solutions (or serve as one) to authenticate users and ensure secure data access across organizations’ suites of cloud apps. Through end-to-end SSL encryption, Bitglass enables secure transmission of data between cloud apps and endpoints.
Organizations required to comply with HIPAA must adhere to the law or face reputational and financial penalties. As such, they need to adopt complete security solutions that can address a variety of compliance concerns. For more information on how Bitglass can help with meeting the demands of HIPAA, download the full report below.