Compliance Laws – HIPAA
The Health Insurance Portability and Accountability Act (HIPAA)
This law was passed in 1996 and took effect in 2001. All organizations and businesses which handle, maintain, store or exchange private health or patient-related information, regardless of size, are subject to HIPAA. In addition to health care providers and insurers, this includes employers maintaining employee health records, life insurers, public health authorities, organ donation banks, pharmacies, long-term facilities, billing agencies and clearinghouses. Each instance of intentional unauthorized disclosure is punishable by fines up to $250,000 and possibly 10 years of jail time.
- Section 164.312 establishes safeguards for electronic storage and maintenance of individual health information. Organizations must ensure the confidentiality, integrity and availability of all protected electronic information they create, receive or transmit.
- Section 164.312(e) mandates the use of security measures, like encryption, to protect electronic health information from unauthorized access while it is transmitted over electronic networks.
- Section 164.312 establishes strict requirements regarding user access, authentication and data protection.
- Section 164.308 requires covered entities to establish contingency plans for responding to emergencies that damage systems containing electronic protected health information. This includes the ability to maintain retrievable copies of electronic records and having a disaster recovery plan to restore any loss of data.
- Section 164.312(b) establishes audit controls to determine when messages were delivered or manipulated, or when administrators accessed the system.
Athena Archiver assists companies in complying with HIPAA in the following ways:
- Ensures the integrity of an electronic record by encrypting messages with AES encryption at all points during transmission and storage. This is unlike several of our competitors that store your data in clear text, making it vulnerable to manipulation.
- The administration client allows you to carefully control permissions to the archive. Companies can be confident that only specified users can access patient data. Access control is also protected through a zero-knowledge protocol, preventing sensitive passwords from being passed over the network.
- In the event of a disaster, Athena will continue to receive your email in a secure encrypted format through redundant backups and replication.
- Verifies the integrity of the archive: as each email comes into the system, we timestamp and serialize it and create a unique signature for each message.
- Rich audit capabilities allow administrators to closely monitor the archive and maintain an accurate record of a message's lifecycle.