HIPAA/HITECH

 

Packet General appliances have been designed to protect data and enable compliance.

Feature

Detail

Compliance

Packet General solutions are delivered as ready-to-deploy and secure appliances to provide maximum security and performance.

Packet General appliances are dedicated solutions designed to deliver a specific functionality in the most secure manner. Our security experts pre-configure these appliances to provide maximum security. All appliances use a "transitive trust model" to control the entire data path traversed by the protected health information. Only the minimal set of required services are installed on each appliance.

Protects HIPAA covered entities against unauthorized acquisition, access, use, or disclosure of the electronic protected health information (EPHI).

Section 164.306 - 45 CFR Subtitle A (10-1-07 Edition)

Transparent encryption of transfer files at rest and in transit.

Packet General appliances encrypt EPHI "in transit" as well as "at rest". The encryption of data is transparent. There is no requirement to change the application code or install an agent at the client end to achieve encryption. The encryption process does not alter the end-user's experience. Data can selectively be encrypted based on business importance at the “share” level. This saves time and increases performance. Packet General's appliances use the AES algorithm for encryption. The key length used is 256.

Encryption provides privacy/confidentiality in case of physical loss of EPHI. Enables compliance with section 164.312 (a) (1)

Lifetime key management using FIPS 140-2 compliant smart-cards

The security of any cryptography-enabled system ultimately depends on the security of the cryptographic keys and certificates used. Key generation, storage, and/or distribution are always critical aspects of any distributed secure system. Packet General's appliances use several cryptographic keys to provide a comprehensive solution. FIPS 140-2 Level 2/3 compliant smart-cards (with EAL5/EAL5+ chip and EAL4+ operating system) are used for key management. In order to satisfy various compliance requirements, provisions have been made to securely generate, distribute, rotate and revoke keys.

Proper key management is necessary to prevent inadvertent disclosure of EPHI and to avoid non-compliance with "any reasonably anticipated threats" clause of Section 164.312 (a) (1)

Protection against privileged insiders

Misplaced trust in the privileged user (“root”) exposes a regular file transfer server to ever increasing malicious activity. This occurs because the underlying operating system implicitly trusts the privileged user which leads to many problems. For example, a malicious privileged user can view data stored in any file that is being transferred. Moreover, the malicious privileged user can launch subtle attacks by changing data. Any record of such activity can be easily altered or deleted by the privileged user. This not only violates the corporate trust but also results in regulatory non-compliance.

Packet General's appliances eliminate this very critical flaw. A regular "privileged user" has no control over a Packet General appliance. In fact the privileged user is not even allowed to view the EPHI and when such an attempt is made, a real-time alert is generated.

Enables with compliance with sections 164.312 (a) (1), 164.312 (c) (1)

Data integrity

A successful attacker can alter the data stored in transfer files or alter the functionality of the server so that sensitive information is revealed. Users and administrators of the system remain unaware since it's done without altering the expected behavior. Packet General's appliances eliminate the data tampering threat. Checksums are computed before data is written to the disk. Upon receipt of a read request, the integrity of data is re-established by matching the expected checksum values against the actual checksum values. These powerful capabilities ensure data integrity and enable compliance.

This feature ensures that the EPHI has not been altered or destroyed in an unauthorized manner.

 

Enables compliance with 164.312 (c) (1)

Role-based platform management

Role Based Access Control (RBAC) is the establishment of access rights based on a user’s role. Packet General appliances use advanced Role-based access control (RBAC) to ensure the best possible security while simplifying administration. Administration of the various aspects of a Packet General platform is partitioned among several different classes of administrators–each type of administrator has access to and control over only the aspects of the appliance's operation required to successfully fulfill their responsibilities. There is no single “privileged user” to manage the appliance; rather, different aspects are managed by distinct entities that are responsible for different aspects of the appliance.

Role-based access control mechanism allows access to "only to those persons or software programs that have been granted access rights" as per technical safeguards under 164.312.

Enables compliance with the access control provision of section 164.312 (a) (1)

Tamper-resistant file access logs

All material operations conducted on Packet General appliances are logged and cryptographically signed and stored in an encrypted vault. Even the appliance's administrators are denied access to this critical evidentiary material.

The access logs provide evidentiary material necessary to demonstrate that the workforce is in compliance with 164.306, 164.308, 164.310, 164.312, 164.314 and 164.316

Section 164.306 - 45 CFR Subtitle A (10-1-07 Edition)

Single Touch™ updates

Packet General's service model helps customers maintain integrity of their data on a non-stop basis. Packet General's security experts monitor all security advisories, and test their suggested resolutions (patches). Packet General appliances, located at the customers sites, securely and automatically download the necessary updates. Single Touch™ application of security updates provides a quick and assured resolution to a known security problem without further testing. This rapid response mechanism eliminates the gap that generally exists between the availability and the installation of a security patch.

Necessary to protect EPHI and to maintain a compliant status.

EPHI File Transfer Data

Vault-GENERAL™
Vault-GENERAL™ is a secure file vault that allows HIPPA covered entities to exchange EPHI files in a secure and HITECH compliant manner. Vault-GENERAL™ eliminates headaches that are associated with creating a homegrown file transfer setup. Vault-GENERAL™ is a ready to deploy appliance specially designed to handle sensitive data and is also available as service.

 

EPHI File Data

File-GENERAL™
File-GENERAL™ transparently encrypts EPHI files before storing them. Access to these regulated files is granted by a duly authorized File-GENERAL™ administrator. Each file access is logged, time stamped and cryptographically signed. The logs are cryptographically signed and stored in an encrypted vault to provide non-repudiation. File-GENERAL™ is ideal solution for organizations who simply want to encrypt their EPHI data without making any changes to their current application.

 

MySQL Database

PCI-GENERAL™PCI-GENERAL™ is a secure MySQL database appliance that has been designed from ground up to enable compliance. The appliance transparently encrypts MySQL data, provides FIPS compliant key management and creates irrevocable logs for audit purposes. PCI-GENERAL™ is an ideal solution for organizations that store the protected health information (EPHI) in a regular MySQL database.