Achieve HIPAA Compliance with Perimeter 81

Data security has grown into a significant problem for healthcare organizations as the proliferation of electronic patient data grows. Protect PHI through Perimeter 81’s integrity control, access control, audit control and network security solution. 

Achieve HIPAA Compliance with Perimeter 81

HIPAA Compliance: How a VPN Can Help

HIPAA compliance encompasses limitations on uses and disclosures of PHI, relevant safeguards, and individuals’ rights with respect to their health information. Perimeter 81 offers always-on VPN encryption, 2FA and more to ensure that PHI is as accessible as it is secure.

Encrypt Transmitted Data

Electronic protected health information (ePHI), both at rest or in transit, is encrypted to NIST standards. When implemented, any breach of confidential patient information renders the data unreadable, indecipherable and unusable.

Secure Remote Access

Most ePHI breaches result from compromised devices that contain unencrypted data or the transmission of unsecured ePHI across open networks. Simple, always-on encryption of all traffic, as well as traffic firewalling and device posture checks ensure that stored and transmitted data is private.

HIPAA Requirements

HIPAA requirements for covered entities include and are limited to the security concepts of access controls (centrally-controlled unique credentials for each user and procedures to govern the release or disclosure of ePHI), integrity controls (policies and procedures to ensure that ePHI is not improperly altered or destroyed), audit controls (hardware, software, and/or procedural mechanisms to record and examine access and other ePHI-adjacent activity), and finally, network security (encryption, firewalling, etc.).

What Information Does the Privacy Rule Protect?

The HIPAA Privacy Rules cover protected healthcare information (PHI), which is data about medical subjects. Anything that is “individually identifiable” health information that is held or transmitted by a covered entity or business associate in any form – electronic, paper, or otherwise. It even covers verbal transmission of data! Relevant subject matter includes your past, present or future medical condition, the provision of healthcare to you and details therein, and payment for that healthcare (which is typically information that hackers value).

What is the HIPAA Omnibus Rule?

The purpose of the HIPAA Omnibus Rule, which was a final addition to HIPAA as a part of the 2009 HITECH (Health Information Technology for Economic and Clinical Health) Act, was to accomplish four primary goals. The first is to strengthen the privacy and security protection for individuals’ healthcare data. The second modified and improved the Breach Notification Rule for when breaches are detected. The third modified and strengthened HIPAA rules for genetic information and to protect against genetic discrimination; and the fourth was an administrative upgrade designed to make the compliance process more streamlined and transparent.

HIPAA Compliance Checklist White Paper

Has Your Company Achieved the HIPAA Compliance Checklist?

The path to provable HIPAA compliance is shorter and less complicated than many believe. With simple, scalable network and security tools, achieving — and maintaining — compliance is within your grasp.

Easily Secure Your HIPAA Technical Safeguards

Technical safeguards ensure only authorized entities can access ePHI.  

Integrity Controls

Integrity Controls

HIPAA compliance requires that covered entities must implement policies and procedures to ensure that ePHI is not improperly altered or destroyed. VPNs use authentication to confirm whether data has been accessed or tampered with, providing straightforward integrity control. Using pre-shared keys, a HIPAA compliant VPN can identify, authenticate and authorize user access. 

Access Control

Access Control

A covered entity must implement centrally-controlled unique credentials for each user. A cloud VPN that offers a centralized cloud management platform allows organizations to create customized user access to sensitive data. That includes cloud environments, SaaS services, sandbox and production environments, and more.

Network Security

Network Security

To protect against unauthorized public access to ePHI, authorized users must encrypt all data that is sent beyond an internal firewalled server. Using a VPN, data passing over any network is secured with advanced encryption. This creates a virtual tunnel so data can’t be intercepted by snoopers, hackers or third parties. 

Audit Controls

Audit Controls

Organizations must implement hardware, software, and/or procedural mechanisms to record and examine access to information systems that contain or use ePHI. VPNs can offer detailed activity reports and network visibility by identifying and recording access to your systems and data. This includes what applications were used and how much bandwidth was consumed.

Achieve HIPAA Compliance with One Secure Solution

Storing, accessing and backing up ePHI for many healthcare technology companies and providers is challenging, especially as resources move to the cloud, but with Perimeter 81 compliance for HIPAA, SOC 2 and ISO 27001 and GDPR can be completed in just 15 minutes.