|
| SpotlightContent |
Products: |
| Achieving Compliance with Recent Security Regulations
|
|||||||||||
|
This page contains information on the following recent Federal security regulations: The Health Insurance Portability and Accountability Act (HIPAA), enacted into law by Congress in 1996, contains regulations regarding the handling of protected health information (PHI). Compliance with HIPAA guidelines on patient privacy (the Privacy Rule) became mandatory on April 14, 2003. ISC helps covered organizations (health care providers, health plans, health care and insurance clearinghouses, etc.) safeguard their sensitive electronic health information. Our products can be used to securely store, maintain, and transmit PHI. When used properly, encryption and certificates (also known as "digital IDs") provide effective means of limiting access to PHI to authorized health care professionals. Reference: NIST Special Publication 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, U.S. Department of Commerce, March 2005. ISC Solutions Addressing HIPAA Requirements
SecretAgent allows covered organizations to securely exchange PHI via e-mail or other file transfer mechanisms (FTP, HTTP, etc.). SecretAgent supports all federally-approved security protocols for file encryption and is based on ISC's FIPS 140-1 validated cryptographic engine. Interoperable versions of SecretAgent are available on all popular computing platforms. SecretAgent is extremely economical for secure data transfers in a single direction, such as from a hospital to an insurance clearinghouse. Only the sending entity needs to purchase a SecretAgent license; the receiving party can use the free SA5Reader application to decrypt incoming data. (A key pair can be generated for the receiving party by the sender, or the receiver can purchase an X.509 certificate from ISC for a nominal fee, currently $10/yr.) HIPAA is interpreted and enforced by the Department of Health and Human Services' Office of Civil Rights, and the Centers for Medicare & Medicaid Services. An HHS website devoted to Privacy and Security matters and providing links to final Privacy Rules published in the Federal Register is here. At the end of 2004 the US Nuclear Regulatory Commission published an immediately effective order and a proposed rule that affects “All Licensees Who Possess Radioactive Material in Quantities of Concern and All Other Persons Who Obtain Safeguards Information.” These new regulations impose strict requirements on the protection of information that concerns the safeguarding of radioactive materials. For information regarding the secure handling of SGI and SGI-M information using ISC products, vist:
For information on compliance with the FDA's 21 CRF Part 11 rule, visit:
|
