Achieving Compliance with Recent Security Regulations

  • HIPAA PHI
  • NRC SGI
  • FDA 21CFR Part 11

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA), enacted into law by Congress in 1996, contains regulations regarding the handling of protected health information (PHI). Compliance with HIPAA guidelines on patient privacy (the Privacy Rule) became mandatory on April 14, 2003.

ISC helps covered organizations (health care providers, health plans, health care and insurance clearinghouses, etc.) safeguard their sensitive electronic health information. Our products can be used to securely store, maintain, and transmit PHI. When used properly, encryption and certificates (also known as "digital IDs") provide effective means of limiting access to PHI to authorized health care professionals.

Reference: NIST Special Publication 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, U.S. Department of Commerce, March 2005.

ISC Solutions Addressing HIPAA Requirements

 

Authentication

CertAgent X.509 certificate management system

CDK cryptographic libraries

Access Control

CertAgent X.509 certificate management system

CDK cryptographic libraries

Data Integrity and Confidentiality

SecretAgent encryption and digital signature software

SpyProof! encrypted virtual disk partitions

CertAgent X.509 certificate management system

CDK cryptographic libraries

Data Transmission Security

SecretAgent encryption and digital signature software

CertAgent X.509 certificate management system

CDK cryptographic libraries

Audit Trails

SecretAgent and CertAgent offer extensive logging and reporting facilities to track all security-related operations.


How SecretAgent Can Help Address HIPAA Requirements

SecretAgent allows covered organizations to securely exchange PHI via e-mail or other file transfer mechanisms (FTP, HTTP, etc.). SecretAgent supports all federally-approved security protocols for file encryption and is based on ISC's FIPS 140-1 validated cryptographic engine. Interoperable versions of SecretAgent are available on all popular computing platforms.

SecretAgent is extremely economical for secure data transfers in a single direction, such as from a hospital to an insurance clearinghouse. Only the sending entity needs to purchase a full SecretAgent license; the receiving party can use the low-priced SA6Reader application to decrypt incoming data. (A key pair can be generated for the receiving party by the sender, or the receiver can obtain a free, 1-year e-mail certificate from ISC using the coupon code provided with their SA6Reader license. Renewals currently run $10/yr.)

Related Information

HIPAA is interpreted and enforced by the Department of Health and Human Services' Office of Civil Rights, and the Centers for Medicare & Medicaid Services. An HHS website devoted to Privacy and Security matters and providing links to final Privacy Rules published in the Federal Register is here.

 

NRC Regulations Regarding SGI

At the end of 2004 the US Nuclear Regulatory Commission published an immediately effective order and a proposed rule that affects “All Licensees Who Possess Radioactive Material in Quantities of Concern and All Other Persons Who Obtain Safeguards Information.” These new regulations impose strict requirements on the protection of information that concerns the safeguarding of radioactive materials.

For information regarding the secure handling of SGI and SGI-M information using ISC products, visit:

Enercorp logo

FDA 21 CFR Part 11

For information on compliance with the FDA's 21 CFR Part 11 rule, visit:

FDA website logo

This page contains brief descriptions and links to related information for some recent Federal security regulations.