Sections:

Datacraft Solutions Profiled in "The Big Squeeze"

Datacraft Solutions' Marotta Says e-Kanban is FAST road to Lean ROI

Datacraft Solutions: Barrier to Entry is ZERO

Datacraft Solutions Profiled as One of the Best Ways to Cut Company Expenses

Planning Ahead for Vacation Emergencies Part I: Medical Emergencies

Travel Tips For Canada

Travel Safety Tips

Why is it Vitally Important to Buy a Travel & Medical Insurance when Booking a Trip?

Can't Get Him to Take You on a Cruise?

Be Assured of an Insured Aloha

Bird Flu - Information for Travelers

Health Tips for Travellers

Travel Insurance - Trip Cancellation and Health Insurance

Travel Insurance? We Don't Need No Stinkin' Travel Insurance! (Do We?)

Want To Fly For Free? Here's How I Do Just That!

Medical Healthcare and Network Security

The regulations from the Health Insurance Portability andAccountability Act of 1996 (HIPAA) have a number of implementingeffects that set a new standard for the healthcare market,specifically in regard to the security of digital networks thatare increasingly used to transmit patient data. Patient data isbeing created in electronic form and the old paper records arebeing migrated to digital form for efficiency and cost savings.There is an increasing volume and flow of electronic patienthealth data. The HIPAA regulations have created a new legal standard relatedto the privacy and security of those electronic medical records.The part of the HIPAA regulations that we are most interested ininvolves the electronic transmission of patient records. Moreand more of the medical worlds business relies on digitalcommunication systems. Those are the telecommunicationsnetworks. Those networks have a number of vulnerabilities, thatis, they have security weaknesses. Those security weaknessesmake it possible for outside hackers or malicious insiders tocompromise the privacy of the data in the network. The new HIPAAregulations have implemented a stringent legal requirement forthe privacy of patient data and related security requirementsfor systems transmitting that data. Past practice is no longeracceptable. Security of the networks that are used to transmitand access the medical data is increasingly important. To date(mid-2004), most hospital network administrators have only dealtwith the security of the data while it is in their computer,that is, they have considered the privacy issue. In general,they have not started to address the security issues related tothe sensitive medical data while it is in transit over anetwork. That will change as more requirements of the HIPAAregulations, such as the security regulations, take effect. Engedi Technologies, Inchas two technologies, the SRM™ and Key2 technology (K2t)™, thatenhance network security. The Engedi SRMa™ addresses a number ofthe vulnerabilities not currently addressed in most operatingnetworks. Engedi is working to ensure health care companies knowabout the security advantages of an SRMa™ enabled network. Thereare a number of known and reasonably anticipated vulnerabilitiesin the network systems now in use. The Engedi products, theSRMa™ and complimentary Key2 technology (K2t)™, help an entityseeking to be HIPAA compliant to eliminate or reduce those knownand reasonably anticipated security vulnerabilities. Implications for network systems affected by the HIPAAregulationsLet's think about the implications of new regulations that havein effect raised the bar for the security of systems storing ortransmitting electronic medical records. Think of all the healthcare organizations out there transmitting data over networksthat currently don't, or won't, meet the new HIPAA mandatedsecurity requirements. As an example, consider if a law waspassed mandating seat belts in cars meet a certain performancestandard and auto manufactures then ignored that standard. Whatwould be the implications? What would the implications be ifeach auto manufacturer had clearly been put on notice that theseatbelt standard had changed, that what they had for seatbeltsnow was not in compliance with regulations, and that there was away to meet the new standard? If the auto manufacturers ignoredthat notice and opportunity to meet the new standard, what wouldbe the legal exposure and ramifications? HIPAA is mandating anew network security standard. The Engedi SRMa™ solution helpsnetworks meet that new standard.Here is a web-link to the portion of the HIPAA securityregulations of interest: - HIPAA security regulationsThe HIPAA compliance deadline dates are presented on this site:- HIPAA compliance deadline datesNetwork systems have a long list of vulnerabilities. There's nosingle product out there that removes all vulnerabilities. AnIntrusion Detection System (IDS) might reduce or eliminate anumber of known network system vulnerabilities, and a networkfirewall might reduce or eliminate another set of thevulnerabilities, some the same as the IDS does, and anotherproduct might close another group of vulnerabilities. The EngediSRMa™ closes or reduces a set of vulnerabilities left exposed bythe product solutions currently available on the market. Closingvulnerabilities is like caulking the hull of a ship - the goalis to plug as many holes as possible. There are a significantgroup of vulnerabilities that the SRMa™ and Key2 technology(K2t)™ uniquely close. Acting to reduce those networkvulnerabilities is necessary. Security breaches are costly. Howmuch would the loss of a list of 100,000 credit card IDs from ahospitals billing center be valued in dollar terms? Howimportant is the privacy and security of the list of AIDSinfected people in a community? What's the legal liability ifthat list, or a similar private list, is hacked and made public?The HIPAA regulations are setting a new standard.This intersection of digital networks, the health care industry,and government regulation presents an opportunity for forwardthinking individuals and companies to define standards, becomerecognized thought leaders, and motivate constructive change forlegal compliance in this evolving area.The HIPAA privacy requirements phased-in on 14 April, 2003. TheHIPAA security requirements have a compliance date of Spring2005. The Difference between Security and Privacy in HIPAA termsSecurity relates to the means by which an entity protects theprivacy of health information. The goal of security measures isto keep information secured, and decrease the means oftampering, destruction, or inappropriate access. There are fourcategories of requirements:* Administrative Procedures--documented, formal practices toprotect data* Physical Safeguards--protect data from fire, other natural andenvironmental hazards, and intrusion * Technical SecurityServices--protect information and control individual access toinformation * Technical Security Mechanisms--guard againstunauthorized access to data over communications networkPrivacy refers to the individual's right to keep certaininformation private, unless that information will be used ordisclosed with his or her permission. Privacy topics include:* Scope of Providers who must Comply * Rights of Individuals *Consent/Authorization Issues/Procedures/Processes * BusinessAssociates Requirements* Organized Health Care ArrangementsThere are civil penalties under HIPAA when entities orindividuals violate the privacy rule.Security and privacy are much intertwined -- security assuresprivacy.Application of Engedi Solutions to HIPAA RequirementsReviewing the 'Health Insurance Reform: Security Standards'final rule it seems that the Engedi Key2 Technology™ would be apowerful tool for protection against "reasonably anticipatedthreats or hazards to the security or integrity of theinformation and unauthorized use or disclosure of theinformation". This represents a large market need. Quoting again, "The standards require covered entities toimplement basic safeguards to protect electronic protectedhealth information from unauthorized access, alteration,deletion, and transmission". That's the Engedi K2t™ and SRMa™nicely described. A 'covered entity' is defined as "one of thefollowing: (1) A health plan; (2) a health care clearinghouse;(3) a health care provider who transmits any health informationin electronic form in connection with a transaction covered by[the regulations]."Quoting again, "the scope of the Security Rule is more limitedthan that of the Privacy Rule. The Privacy Rule applies toprotected health information in any form, whereas [the Security]rule applies only to protected health information in electronicform".The Security Regulations become effective in Spring 2005.HIPAA Regulations Create a New Security Standard for NetworkOperationsThe HIPAA regulations affect medical and healthcare providers inmany ways. The new security regulations coming out of HIPAA areraising the performance bar for telecommunications networks usedto transmit or access medical data. Specifically medical data inelectronic form.Entities covered by the HIPAA regulations must assess theircurrent systems and operations to ensure their businesspractices conform to these new security rules. One importantarea coming from HIPAA is the security of the network systemsused to access or transmit electronic healthcare information.Telecommunications network systems have a large number ofvulnerabilities. The networks are complex and growing. Newtechnologies are being added. There are constantly changingnetwork users with access to various layers of the network.Protecting the privacy and security of patient data inelectronic form is a challenge. There is a long list ofvulnerabilities in networks. Some of the vulnerabilities can beaddressed by the use of various products and technologies suchas firewalls, traffic monitoring systems, virus protectionsoftware and other solutions that protect against various knownvulnerabilities. There are other known and reasonablyanticipated vulnerabilities in operating networks affecting theprivacy and security of protected medical data that EngediTechnologies has unique and patent-pending solutions designed toaddress.The remote management of the distributed infrastructure ofnetworks is an area in which many networks have securityvulnerabilities. Engedi's Secure Remote Management (SRM)™technology is designed to provide a highly secure, multi-pathedcapability for network administrators to quickly and securelyaccess and manage the remotely located equipment and devices intheir networks. Engedi's SRM technology meets the pressing needto improve the security of networks during remote management ofthe distributed network infrastructure. The vulnerabilities thatexist in networks during remote management are well known andcan be addressed today by the use of Engedi's patent pendingSRM™ technology. Another area of network operations that is of particular concernis the damaging effect of the malicious insider. Over half ofsuccessful network attacks come from the insider, that is, theattacks come from a person with some level of administrativerights and access that place him or her on the inside of thenetwork. The malicious insider is a very well known andreasonably anticipated threat to the security and privacy ofnetwork operations. Engedi Technologies has a solution to themalicious insider with a technology called "Key2 technology(K2t)". This multi-party authorization solution protects thenetwork from the compromised or inexperienced insider. Networksthat transmit data or permit access to data that is private andneeds to be secure have a pressing need for a solution to themalicious insider. Engedi's Key2 Technology (K2t)™ is thatsolution. Engedi Technologies works with partners to deliver and implementEngedi's advanced technology solutions to networks operatingunder HIPAA security guidelines and regulations. HIPAA mandatesthat known and reasonably anticipated threats andvulnerabilities affecting the security and privacy of patientmedical data be addressed. Engedi has solutions for two of theneeds that operating networks must address for HIPAA compliance. New standards exist under the HIPAA security rules for theremote management of networks and for protection against themalicious insider. It is no longer acceptable to ignore or allowsecurity vulnerabilities to known and reasonably anticipatednetwork threats to continue unaddressed or unabated. EngediTechnologies delivers needed solutions in the Secure RemoteManagement (SRM) and Key2 Technology (K2t) to create andmaintain networks systems in compliance with the new HIPAAmandated security rules. For more information on Engedi's network security solutionsplease contact EngediTechnologies, Inc or one of their partners. When security ofthe network is important and the privacy of data is paramount,Engedi Technologies provides solutions every operating networkshould have and can have today.==========================Article date: May 15, 2004Article Links: - EngediTechnologies, Inc - - Secure Remote Managementappliance (SRMA) - Key2 Technology(K2t) © 2005 Engedi Technologies, Inc. ( http://engedi.net ) You mayreprint this article online and in print provided the linksremain live and the content remains unaltered (including the"About the Author" message).