The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the result of efforts by the federal government to ensure healthcare data practices allow patients to easily move jobs, insurance, and/or healthcare providers.
The goals and objectives of this legislation are to streamline industry inefficiencies, reduce paperwork, make it easier to detect and prosecute fraud and abuse, while enabling workers of all professions to change jobs easily even if they (or family members) had pre-existing medical conditions.
HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, confidentiality, and availability of information. Organizations comprising all industries are required to individually assess their security and privacy requirements and take suitable measures to implement electronic data protection (both in transit and in storage). As proposed, a HIPAA-compliant information system must include a combination of administrative procedures, physical safeguards, and technical measures to protect user information while it is stored and transmitted across communications networks. IDrive Inc. provides critical data security protection without compromising patient privacy and can help customers achieve HIPAA compliance.
IDrive assists organizations to be HIPAA compliant in the following manner:
- Data is encrypted using AES-256 CCM encryption when stored on your local BMR device and on the IDrive cloud. Your data is also encrypted during transfer to the cloud account.
- Unauthorized access to individually identifiable records is strictly forbidden.
- Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer data.
- Data remains on the IDrive servers for as long as you want to retain it, as specified in your cloud retention policy.
Note: Many of the compliance items require usage of the optional private encryption key that is known only to the user and not stored on IDrive servers.