Securing Healthcare Data for HIPAA and HITECH Compliance

Jim Donovan, VP, Product Management & Customer Operations
Wasabi Technologies, Inc.
01/09/2018

When it comes to data, healthcare is one of today’s most regulated industries—with strict legal guidelines around how, when, and to whom sensitive health and other private information can be shared. The two main U.S. data regulations for healthcare are the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

HIPAA and HITECH: A Closer Look

Enacted in 1996, HIPAA is made up of two major rules: a Privacy Rule designed to protect patients’ individually identifiable health information and set limits on how healthcare providers can use and share that information; and a Security Rule that sets up national standards to ensure IT systems and infrastructure are well protected from unauthorized access.

The HITECH Act of 2009 expands the original HIPAA mandate and introduces financial incentives to motivate healthcare providers and other associated businesses to adopt health information technology. It also requires providers to notify patients if their protected information is breached.

Both mandates put pressure on healthcare IT organizations to implement powerful security systems and practices to protect access to highly confidential data and to safeguard the integrity of electronic health records (EHRs) throughout their lifecycle. Those organizations have to ensure that EHRs aren’t deleted, corrupted, tampered with, stolen, or accessed by the wrong people.

While the federal government is serious about HIPAA and HITECH compliance, it doesn’t have any type of certification process. It’s up to each healthcare organization and infrastructure provider to ensure that their systems and practices are HIPAA and HITECH compliant.

Wasabi Can Help Healthcare Organizations Stay Compliant

We care about the security of every business’s data—including healthcare organizations subject to HIPAA and HITECH mandates. Healthcare organizations use Wasabi hot storage for a variety of data types, from EHRs to medical imaging files to IoT applications to R&D data for drugs, devices and treatments. They can also deploy it for a number of different use cases:

  • Low-cost primary storage for on-premises or cloud-based workloads
  • Economical secondary storage for backup, disaster recovery in the cloud, or data migration initiatives
  • Affordable and reliable archival storage for long-term data retention

However these organizations use Wasabi hot storage, they can be confident that they’re complying with HIPAA and HITECH regulations. An independent CPA firm (Schellman & Company) recently evaluated our security architecture, systems and practices. After a thorough audit, we received an attestation report confirming that Wasabi complies with HIPAA security and privacy rules for protected health information. This compliance validation from one of the most respected HIPAA auditing firms helps provide assurance to our healthcare customers that we are protecting their data in a manner consistent with HIPAA and HITECH requirements.

The security of confidential and proprietary data will always be a hot-button issue—and at Wasabi, we remain committed to continual research and implementation of ever-better ways to protect the information that powers your business.

To learn more, visit our HIPAA and HITECH page.