HIPAA Data Security Requirements
The Health Insurance Portability and Accountability Act (HIPAA) includes a Security Rule to protect how electronic PHI (ePHI) is created, received, used, or maintained. The Security Rule includes required and addressable safeguards to maintain the integrity, availability, and confidentiality of ePHI, such as:
- ePHI, whether at rest or in transit, must be encrypted to NIST standards once it travels beyond internal firewalled servers, rendering the data unreadable and unusable if a breach occurs.
- Use activity logs and audit controls to register attempted access to ePHI.
- Empower employees to be secure, train them on procedures governing access to ePHI, and help prevent human error.
Unlike solutions that use TLS encryption, which only encrypts data in transit, Virtru protects data from creation to storage to internal and external sharing. Virtru uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.
Download the full data sheet to learn how Virtru can help your organization meet compliance and mitigate risk.