SecureDx.net
SDE - Secure Data Exchange
 


ARM (Audit Risk Management) Against PHI Breach Notification Rules


New HIPAA HITECH Security Breach Notification Rules Require Immediate Action

The new HIPAA HITECH security breach notification rules are transformational legislation that anticipates a massive expansion in the exchange of electronic protected health information (ePHI). The HITECH Act widens the scope of access control, privacy and security protections available under HIPAA; increases potential legal liability for non-compliance; and provides more enforcement of HIPAA rules.

In general, the Act requires that patients be notified of any unsecured breach. If a breach impacts 500 patients or more, then HHS must also be notified. Notification will trigger posting the breaching entity's name on HHS' website. Under certain conditions local media will also need to be notified. Furthermore, notification is triggered whether the unsecured breach occurred externally or internally. The examples of most PHI violations include:

  • Patient data saved on a notebook, tablet or smartphone, leaving the patient data accessible to anyone and causing a PHI breach and breach notification if the device is lost or stolen
  • Failure to restrict wireless access at the device level, which makes the device an easy target for intruders to access all ePHI stored on wireless devices and to reach ePHI on other devices or the EMR/EHR system
  • Exchanging ePHI using an email system to communicate with patients and/or other healthcare service providers. The breach notification rule is triggered even if the ePHI is sent using a secure email system, since it violates the following HIPAA Access Control, Privacy, Security and Audit Trail regulations:
      - Access Control: 164.312(a)(1)
      - Person or Entity Authentication 164.312(d)
      - Integrity 164.312(c)(1)
      - Transmission Security 164.312(e)(1)
      - Audit Controls: 164.312(b)

Solution to Patient Data Security

SDE is direct client-to-client multi-layer security providing HIPAA-compliant ePHI communication covering the HIPAA/HITECH legal requirements for access control, privacy and security:
  • Message security using any email system
  • Delivers ePHI directly into recipient's inbox
  • Increases level of security with the use of two forms of user authentication (Person or Entity Authentication: 164.312(d))
  • Comprehensive Access Control (only the authenticated recipient from the authenticated originator sees the message/document; secure message/document cannot be accessed by a third party)
  • End-to-end security:
      - without need of digital certificates (subject to fraud/theft)
      - eliminates "data loss potential" existing at system interchanges (connectivity to cloud systems for meaningful use where user is not part of infrastructure, unsecure email notification, data access links: easy targets for hackers)
  • Automatically blocks ePHI access from mobile device if lost or stolen...even if the PWD/PIN is discovered
  • Everything is hidden; cannot identify sender/recipient, document content or subject
  • Audit trail of authorized recipient, authenticated originator, and original document:
      - provides access time stamp (equivalent to certified mail with return receipt)
      - only accessible by the authenticated user
  • Allows revoking of a secure message if sent in error, which is not possible using secure email or current security technology
  • Allows the recipient to securely and easily reply to the message originator free of charge, which is a key feature necessary for participating physician/hospital/patient
  • Interoperability Solution ("Mitigating Risk of Exchanging Patient Data")

    Interoperability among participating providers with Meaningful Use 2 for "Point of Care" fails to accurately share PHI, which leads to potential malpractice risk of negligence. AMIA (doi: 10.1136/amiajnl-2014-002883) states: "we identified 11 specific areas of errors and variability that creates barriers to interoperability of C-CDA documents (Consolidated Clinical Document Architecture)". Technical support is available to integrate the SDE Client with an EMR system to accurately share ePHI for the patient's point of care.

The SDE Differentiators

  • Access Control (only the authenticated recipient from the authenticated originator sees the message/document; secure message/document cannot be accessed by a third party)
  • Privacy (everything is hidden; cannot identify sender/recipient, document content or subject)
  • Security (enhanced multi-layer end-to-end security without the need for digital certificates, which are subject to theft and fraud; original document not alterable or accessible during secure data exchange between sender and recipient)
  • Audit Trail (multi-layer secure archive of authorized recipient, authenticated originator, original document and access time stamp (equivalent to certified mail with return receipt) that is only accessible by the authenticated user)
  • Automated control and management of sensitive documents by the users (automated secure archive database of original documents linked with unidentifiable secure document) that can be automatically configured at the enterprise (network) level



* based on the unique concepts of the licensed IP portfolio of the business processes at the information level and SDE apparatus patents


All contents copyrighted; SecureDx.net