3. Step 2: Technical Safeguards
• Digital Security of ePHI
• Required vs Addressable
• Am I HIPAA compliant if I just deploy my code to a HIPAA compliant hosting environment?
4. Technical Safeguards
1. Access Control - Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity.
2. Access Control - Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency.
3. Access Control - Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
4. Access Control - Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.
5. Technical Safeguards
5. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
6. Integrity - Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
7. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
8. Transmission Security - Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
9. Transmission Security - Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate.
9. Step 4: HIPAA Audit
• Who Certifies HIPAA Compliance?
• 3rd party Audits
• What is the process like?
• Cost
• Time
• Any other audits?
10. Step 5: Insurance
• Cyber Liability and Data Breach Insurance
• Policy Issuers
• Indemnification
• Costs/Coverage
11. What Else Do I Need to Know?
• Typical implementation frame
• HIPAA will change
• On-going maintenance
• Staffing
• There must be an easier way ;-)
13. • HIPAA Compliant Data Store
[Diagram labels: Standard Database, non-PHI Data; TrueVault (HIPAA Compliant), PHI Data, (REST API)]
14. [Diagram labels: Physical Safeguards: Facility Access Ctrl, Workstation Use and Security, Devices and Media Controls. Technical Safeguards: Encryption and Decryption, Key Management, Key Rotation, Access Control, Unique User Identification, Emergency Access, Automatic Logoff, Audit Controls, Mechanism to Authenticate Electronic PHI, Person or Entity Authentication, Transmission Security, Integrity Controls. Administrative Safeguards. HIPAA Compliant Hosting. TrueVault.]
• TrueVault handles both Technical and Physical Safeguards.
• Developers can quickly start development on healthcare applications without building a HIPAA compliant infrastructure.
• FireHost and AWS have high minimum charges ($1,115 and $1,500) and offer no help with the Technical Safeguards.
15. • RESTful API - No Steps 1 through 5 to worry about
• BAA + Insurance
• Works well with existing infrastructure
• 400+ Customers
• Usage based pricing, no contracts
16. Q&A Time
Shameless Promotions:
• TrueVault is hiring Developers, DevOps Engineers in San Francisco
• Join our iOS SDK beta list - Be the first to release an iOS app leveraging Health Book
http://go.truevault.com/ios8