The Echoworx Healthcare Encryption Solution helps you comply with HIPAA regulations
Toronto: 4101 Yonge Street, Suite 708, Toronto, ON, Canada M2P 1N6
Atlanta: 1890 The Exchange, Atlanta, GA 30339
London: 27 Old Gloucester Street, London, United Kingdom WC1N 3AX
Businesses, including healthcare organizations, are required by law to protect vital email and data communications. Healthcare providers, lawyers, financial advisors, accountants, educators, and other professional advisors have ethical and fiduciary duties to keep their clients’ personal information confidential. Healthcare providers need to be able to trust their email communications and reduce the risk of damage to their brand resulting from information obtained through intercepted email. Consumers are concerned about personal security, privacy, fraud and identity theft.
Governments have also enacted legislative measures to protect the privacy of personal information, which either expressly or impliedly apply to personal information communicated electronically. Federal and state governments have enacted legislation that protects the privacy of personal information generally, as well as industry-specific legislation that protects confidential information from unauthorized disclosure and use.
Privacy legislation imposes a general obligation on businesses and government to protect the privacy and security of personal and private information. Some privacy legislation expressly requires that specific measures be taken to protect against unauthorized disclosure of electronically stored or communicated information. The test is whether “reasonable measures” have been considered and implemented to protect the privacy of personal information. There is no longer a reasonable expectation that email cannot be intercepted and read without authorization.
HIPAA mandates the privacy and security of protected health information (PHI). The HIPAA security rule was published in May 2003 and subject to enforcement for all covered entities starting in April 2005. Given the productivity gains for healthcare professionals to communicate with patients and other doctors and health professionals via email, healthcare organizations need to leverage real-time electronic communications, but do so securely.
HIPAA at a glance
• Health Care Providers who transmit any health information in electronic form in connection with a transaction for a “covered entity”.
• Email messages containing protected health information are secured, even when transmitted via unencrypted links
• Senders and recipients are properly verified via person or entity authentication
New HIPAA Requirements
OIG: Office of the Inspector General.
Under HIPAA, the Department of Health and Human Services publishes a Security Rule mandating that each covered entity develop policies, procedures and contingency plans for securing information. The HIPAA Security Rule does not expressly prohibit the use of email for sending electronic protected health information (PHI). The Security Rule allows for electronic PHI to be sent over an electronic open network as long as it is adequately protected.
The standard for transmission security (§ 164.312(e)) also includes specifications for integrity controls and encryption. This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect electronic PHI as it is transmitted, select a solution, and document the decision.
Under HIPAA, the Department of Health and Human Services publishes a Security Rule mandating that each covered entity faces a fine of $50,000 and up to one-year imprisonment (HIPAA § 1177). The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to ten years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm (HIPAA § 1177).
How Echoworx Encryption helps you comply with HIPAA
Echoworx delivers the highest level of email and data security by providing a strong email encryption and document encryption solution. From the beginning, Echoworx has focused on providing the most secure email encryption solutions while making the solution the easiest to use in the industry. Echoworx encryption products provide strong protection for data while in transmission over open networks due to the use of security standards such as PKI, S/MIME, X.509, and TLS.
Encrypted Mail Gateway
EMG end users do not require any training, since policy enforcement and encryption are completely transparent. A user simply composes the email, and the content is automatically scanned to detect whether the message should be encrypted before it is sent.
Echoworx Encrypted Mail Gateway (EMG)
Echoworx Encrypted Mail Gateway (EMG) makes secure messaging as easy to use and transparent as normal email. EMG allows healthcare providers to set flexible policies that automate the encryption of outbound email, which mitigates the risks of regulatory violations, data loss and corporate policy violations, without impacting day-to-day business activities. EMG makes it easy to share sensitive information with other healthcare providers, patients, and individual physician offices.
Standards-based Encryption
PKI, S/MIME and X.509 AES, 128-bit SSL, 1024 bit RSA keys with MD5 and SHA-1 for strong encryption and digital signature.
With EMG there is no user training required as email is encrypted at the boundary or gateway based on triggered policies. The Echoworx EMG solution automatically and dynamically applies encryption or decryption based on your organization’s policies, right at the gateway. As a result, end users do not require any special training or need to download any special software to use the service.
Rapid Deployment
A few deployment options are available based on a company's preferred configuration.
Secure Reply
EMG allows anyone who receives an Encrypted Mail message to respond securely without installing any software.
Using a simple point-and-click web interface, enterprises can easily set their email encryption and DLP policies for their email content, and can review and customize these rules when necessary. Enterprises can utilize the EMG admin console to access audit reports that identify corporate email risks, monitor ongoing communication and, if necessary, alter the email encryption and DLP policies to mitigate risks.
Did you know?
The list of 2010 Healthcare Common Procedure Codes (HCPCS) contains over 9,600 expressions. All of the 2010 HCPCS codes are built into the Echoworx EMG solution.
The EMG Policy Engine allows healthcare organizations to implement encryption based on specific message content and sender or recipient identity, or as follows:
• Confidential information – social insurance, credit card, account numbers, banking transactions, loans and balances
• Patient information - Patient numbers, Medical record numbers
• Insurance Information - NDC Drug Numbers
• HCPCS Codes for 2010
• HIPAA oriented keywords and regular expressions
• Include domain names, specific groups within the organization
• Health Information (patient identifiers, health conditions)
• Unique terminology – specific to healthcare verticals, pertaining to proprietary information or intellectual property
• All of the above can also relate to message attachments such as Excel spreadsheets, PDFs or executable (*.EXE) files
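An added sketch of the content-triggered policy described above (illustrative Python, not Echoworx code): rule categories from the list map to patterns, and any hit, or a listed recipient domain, routes the message to encryption. The patterns, the `clinic.example` domain and the sample message are assumptions constructed for this example.

```python
import re

# Constructed rule set: category -> pattern. The formats are assumptions
# for illustration, not the expressions shipped in any product.
RULES = {
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "ndc_drug_number": re.compile(
        r"\b(?:\d{4}-\d{4}-\d{2}|\d{5}-\d{3}-\d{2}|\d{5}-\d{4}-\d)\b"),
    "hcpcs_code": re.compile(r"\b[A-V]\d{4}\b"),  # letter + four digits
    "medical_record_number": re.compile(r"\bMRN[:# ]*\d{6,10}\b", re.I),
    "hipaa_keyword": re.compile(r"\b(?:diagnosis|lab results?)\b", re.I),
}
ALWAYS_ENCRYPT_DOMAINS = {"clinic.example"}  # hypothetical recipient domain


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on card-like digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def evaluate(recipient, subject, body, attachments_text=()):
    """Return (action, sorted triggered categories) for one outbound message."""
    hits = set()
    if recipient.rsplit("@", 1)[-1].lower() in ALWAYS_ENCRYPT_DOMAINS:
        hits.add("recipient_domain")
    # Attachment text is scanned with the same rules as subject and body.
    for text in (subject, body, *attachments_text):
        for name, pattern in RULES.items():
            for m in pattern.finditer(text):
                digits = re.sub(r"\D", "", m.group())
                if name == "card_number" and not luhn_ok(digits):
                    continue  # digit run that is not a valid card number
                hits.add(name)
    return ("encrypt" if hits else "send_plain", sorted(hits))


# Constructed sample message (not real patient data).
SAMPLE = ("dr.lee@partner.example", "Follow-up",
          "Patient MRN: 00481516 was given J1100; NDC 0002-8215-01.")

if __name__ == "__main__":
    print(evaluate(*SAMPLE))
```

Returning the triggered categories alongside the action gives the audit trail a reviewer needs when tuning rules that fire too often or not at all.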
Echoworx is a provider of security solutions for enhancing privacy and trust in digital communications. Echoworx privacy applications leverage the power of Echoworx Encryption Services (EES) platform, which is hosted at Secure Data Centers around the globe. All data is encrypted using industry trusted standard PKI (Public Key Infrastructure) and S/MIME technologies for strong encryption and digital signatures, relying on standard X.509 certificates. Echoworx data privacy applications include: Encrypted Mail, Policy-based Encrypted Mail Gateway, Encrypted Documents, Encrypted Document Presentment, and Encrypted Message eXchange. Echoworx products are currently offered by leading communication providers that include: AT&T, BT, Symantec, LogicaCMG, Telus, and Verizon.
This document is the intellectual, proprietary and confidential property of Echoworx Corporation. This document is
provided for informational purposes only and Echoworx makes no warranties, either express or implied. Information in
this document, including URLs and other Internet references, are subject to change without notice. The entire risk of
the use or the results of the use of this document remains with the user.
By accepting possession of this document the recipient agrees to keep the contents of this document in confidence
and not to redistribute, duplicate, or disclose the contents of this document unless otherwise agreed to by Echoworx
Corporation.
Echoworx Corporation. 4101 Yonge Street, Suite 708, Toronto, Ontario M2P 1N6 Canada, http://www.echoworx.com/