Aladdin Security Solutions for HIPAA Compliance

After many delays, healthcare organizations are now finally under an established HIPAA-mandated deadline (most must be in compliance by 2005) to safeguard their electronic protected health information (ePHI).

And while no single solution meets all the technical security requirements of HIPAA, Aladdin security products can help healthcare organizations comply with many* of the requirements. Following is a list of key security requirements in the final HIPAA Security Rule published in April 2003, as well as the applicable Aladdin solution(s):

Unique User Authentication

HIPPA mandates that the confidentiality of individually identifiable health data be protected by authentication of the users that access such records. Passwords, the most common authentication mechanism, have been shown to leave organizations highly vulnerable to breaches in security. This is because passwords are often written down and are easily guessed, stolen, shared, hacked, or reused.

Aladdin eToken offers healthcare organization the following security capabilities for unique user authentication:

Strong, two-factor authentication through the eToken USB smartcard or traditional smartcard
Easier and more cost-effective to deploy (critical for the traditionally tight budgets of healthcare organizations), since no backend server or smart card readers are required (USB token)
Better user experience, especially with the USB smartcard, which promotes increased compliance (healthcare workers are among the most resistant to security measures they consider intrusive or time-consuming)
Fully interoperable with existing or planned PKI environments. Read more...

Workstation Security

HIPAA requires that only authorized users be able to access workstations that contain electronic protected health information (ePHI).

Aladdin provides healthcare organizations with two distinct yet complementary methods for workstation security:

Lock down workstations with eToken strong user authentication and seamlessly integrated third-party solutions for:
Secure Network logon that protects network access with eToken strong user authentication Read more...

Data Integrity

HIPAA requires that a healthcare organization ensure that data in its possession has not been altered or destroyed in an unauthorized manner.

Aladdin eToken helps ensure the integrity of health information by enhancing the security, deployment, and management of a PKI with eToken for full digital signature capabilities, providing data integrity and nonrepudiation
Aladdin eSafe proactively blocks viruses and worms that can alter, destroy, or steal individually identifiable patient information. In addition, eSafe can prevent electronic protected health information from being altered or disseminated outside of traditionally monitored channels by blocking Instant Messaging and Peer-to-Peer applications.