Consulting and Advisory Firm Specializing in Data Security Helps Health Care Organizations Comply with New Breach Notification Rules Concerning Encryption in HITECH ACT, within ARRA
Experior Data helps health care organizations (covered entities and business associates) implement encryption and data security technologies to protect medical records. Encrypted medical information, called secured protected health information, exempts healthcare organizations from having to notify people in case of a breach. Breach notification, as specified in the HITECH Act within ARRA, can be very costly and could tarnish the brand and image of a healthcare organization. It can also subject healthcare organizations to substantial fines and in certain cases criminal prosecution.
New York, NY (PRWEB) August 28, 2009
Experior Data Security and Encryption (http://www. experiordata. com) launches practice in health care encryption in response to increasingly stringent privacy regulations for health care organizations. The New York City-based company's mission is to help health care organizations protect patient record information that exists in IT systems via specialized software and services.
"The American Recovery and Reinvestment Act of 2009 provides incentives for medical care providers to transition from paper health records to electronic health records. It is those electronic health records that we help secure", says Alex Zaltsman, a Founder and Director at Experior Data Security and Encryption.
The Health Information Technology for Economic and Clinical Health ( HITECH ) Act, passed as part of the American Recovery and Reinvestment Act of 2009 ( ARRA ) (http://www. experiordata. com/images/american_recovery_reinvestment_act. pdf), has substantially increased the penalties for health care organizations that suffer a security breach. Health care providers and other entities covered by the Health Insurance Portability and Accountability Act ( HIPAA ) (http://www. experiordata. com/images/hippasecurityfinalrule. pdf) are required to notify people if a breach or unauthorized access has occurred, and may result in a violation of privacy or even identity theft. In cases where a breach affects less than 500 people health care organizations must keep a log and submit it to the Department of Health and Human Services on a yearly basis. In cases where a breach affects more than 500 people health care organizations face considerable and serious consequences. They must notify a major media outlet, the federal government, and set up a hotline. They also face fines, in certain cases, as high as US $1.5 million per calendar year, and the possibility of criminal charges should the company or an individual be found willfully negligent. However, covered entities that secure health information through encryption or proper destruction are exempt from the notification requirements should a breach occur. Enforcement of breach notification requirements is expected to begin in February 2010, although the government reserves the right of enforcement prior to that date but no earlier than 30 days after the publication of the interim final rule in the Federal Register.
"It is critical to choose the right data security solution for your organization. Encryption software is prevalent and there are many software companies that offer seemingly simple and inexpensive products. However, deploying piecemeal encryption applications that are not part of a strategic plan (http://www. experiordata. com/blog/?p=60) nor centrally managed is dangerous and not recommended. There may not be proper encryption key management in place and companies may not be able to access the encrypted information after an employee leaves or is terminated. Organizations should identify the areas of vulnerability within their IT systems and strategically plan on securing those areas. Centralized management of any data security solution being deployed is highly recommended", says Zaltsman.
Experior Data Security and Encryption specializes in the installation and maintenance of the software and technologies necessary to encrypt sensitive information so that only authorized individuals can access protected health information. Each engagement is custom tailored to the customer's individual needs using systems and processes to ensure that customers obtain the most value from their investment in encryption technology products and services.
Experior Data researches best-of-breed technologies, saving health care organizations time and resources. They emphasize the value of implementing a platform as opposed to point solutions to help eliminate human error and enable management to think strategically about security and data encryption policies.
"There are four major points of vulnerabilities to protected health information (PHI) (http://www. experiordata. com/blog/?p=36) identified by the government: Data in Motion (http://www. experiordata. com/data_motion. php), Data at Rest (http://www. experiordata. com/data_rest. php), Data in Use (http://www. experiordata. com/data_use. php), and Data Disposed (http://www. experiordata. com/data_disposed. php). Protecting PHI at these four points requires deployment of other technologies, such as e-mail encryption, two-factor authentication, endpoint and storage security, and intrusion detection to help secure PHI", adds Zaltsman.
Health care entities are facing increasingly stringent penalties in the case of a data breach where unprotected patient information is at risk. With specialized services and technologies from Experior Data Security and Encryption (http://www. experiordata. com/why_chooseus. php), health care organizations can both protect patient health information and achieve compliance with HITECH and HIPAA.
In response to substantial demand for identification of vulnerabilities within health care organizations which are covered entities or business associates, Experior Data is offering reduced rates for those organizations that engage Experior Data's services by 9/30/2009. Organizations that contract with Experior Data by 9/30/2009 will receive a 30% discount on all services rendered until 12/31/2009.
Call 877-4ENCRYPT (877-436-2797) or e-mail urgent - at - experiordata. com to learn more about Experior Data's product and service offerings. You may also follow Experior Data's feed on Twitter (http://www. twitter. com/experiordata) to learn about the staff's immediate thoughts on relevant protected health information topics.
Experior Data is also seeking partners (http://www. experiordata. com/partners. php) such as law firms, value-added resellers, and healthcare and management consultants to work together on securing protected health information.
About Experior Data Security and Encryption
Experior Data Security and Encryption is a consulting and advisory firm specializing in helping customers comply with federal regulations related to health care such as the American Recovery and Reinvestment Act of 2009 (ARRA) and the Healthcare Insurance Portability and Accountability Act (HIPAA). The company performs its work by using best-of-breed products to protect personal health information. Experior Data differentiates itself by specializing in security and encryption of health records to ensure that health care organizations meet and/or exceed government requirements for securing protected health information.
This press release was prepared by Bedell Communications (http://www. bedellcommunications. com), a copywriting and consulting firm specializing in technology and B2B communications. Reach us at (509) 499-2793.
###