Posts Tagged HIPAA

Silence the Nagging By Securing Your Data

Posted by on Monday, 6 February, 2012

Compliance issues and the ever-growing list of compliance regulation acronyms (HIPAA, PCI, SOX, etc.) are persistently nagging IT folks who must meet tough mandates and overly complicated rules.

compliance, HIPAA, PCI DSS, data securityOf course, the real reason we must now pay so much attention to compliance is others’ irresponsible abuse. Somewhere along the data strewn path, a few malicious malcontents had to succumb to the voice of greed and abuse their technological skill sets.  All IT professionals’ jobs are tougher thanks to those that through hacking, sniffing, or lifting data sources chose to steal and sell inadequately secured information.

The truth is, though, that “data” really is sensitive information and we live in a paranoid modern world where dastardly damage is done with a just a little twist of the facts.  So in response to the cries of outrage among our citizens, politicians have wrung their bureaucratic hands and offered plenty of passing legislation designed to protect our data.

Because IT is responsible for the company’s data, we need to stay abreast of the laws that apply to it. We also need to to fully understand and implement the three types of data protection: physical, transitional, and procedural.

Physical

Physical protection is probably the easiest. We secure the data on our servers, backup tapes and offsite facilities with technologies such as passwords, drive encryption, backup encryption, data center surveillance, physical locks, etc. We spare no expense in securing the physical because we can see it and believe it is secured. Or so we think.

Transitional

Transitional protection is a little more difficult.  Any data files that leave our networks should be secured with managed FTP solutions that encrypt the files with SFTP, FTPS, HTTPS, PGP, and other protocols.  Firewalls are set up to control what can leave or enter our data domain. DMZ gateways are set up to increase the virtual protection of the data and still allow designated users access to it.

Procedural

Procedural security is a type of data protection that is least understood and implemented.  A clear and understandable security policy needs to be communicated to the end users so they become familiar with sensitive data is secured, and what consequences may loom if procedures aren’t followed.

The majority of us in IT are protective about who has access to our own sensitive data, so we can understand the reason for protecting everyone else, too.  Yes, it’s a lot of work, but it’s part of the new normal.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Reverse Proxy Gateway Video Now Live

Posted by on Monday, 21 November, 2011

Rounding out our series of GoAnywhere product videos, we’ve recently added an overview of GoAnywhere Gateway.  It explains how incorporating a reverse proxy and a forward proxy into your managed file transfer processes adds an extra layer of protection for your private network.reverse proxy DMZ gateway

When GoAnywhere Gateway is implemented, trading partners can exchange files with your organization without gaining access to your private network because no inbound ports will need to be opened to complete the exchange.  This feature is especially important to auditors evaluating compliance with regulations such as PCI DSS, HIPAA, and SOX.

Our Gateway video premier coincides with the release of our latest white paper entitled DMZ Gateways: Secret Weapons for Data Security.  Please let us know if you’d like to learn more about how our reverse proxy DMZ gateway can improve your secure file transfer system.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Managed File Transfer Solution Now on Video

Posted by on Wednesday, 17 August, 2011

We’re always looking for new ways to illustrate the power and versatility of our GoAnywhere suite of secure file transfer and encryption solutions.  Very simply, GoAnywhere helps you streamline, encrypt and automate your file transfer processes to save time and money while meeting ever-growing compliance requirements.

Still, we find it’s sometimes challenging to quickly explain the power and convenience of our managed file transfer software, so we’re excited to introduce some brand new videos to showcase the flexibility and control GoAnywhere clients have.

GoAnywhere secure file transfer software solution

GoAnywhere’s suite of secure file transfer solutions helps you manage all of your organization’s inbound and outbound file transfers — both internally as well as with external trading partners.

With support for virtually any platform and protocol, including FTP, FTPS, SFTP, HTTP/S, AS2, SMTP and ZIP, GoAnywhere puts local control of the entire process into one intuitive dashboard.  GoAnywhere eliminates the need for custom scripts, generates detailed audit logs, and provides a rich catalog of features for comprehensive management, all without additional hardware or specialized skills.

If you’d like to test drive a free trial, let us know.  We’d also love to hear what you think of our videos!

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Citigroup Breach Triggers Congressional Response

Posted by on Monday, 11 July, 2011

The data breach at Citigroup in May – a breach which reportedly exposed an estimated 200,000 customer accounts – has motivated members of the U.S. Congress to re-introduce legislation to penalize the very organizations that have been victimized by hackers.  What are the next steps your company should take?

New bills to protect consumers’ personal dataLinoma Software Managed File Transfer Solutions

Two bills are proposed by both House and Senate legislators.

First, Sen. Patrick Leahy (D-Vt.) has introduced the Personal Data Privacy and Security Act of 2011.  The new bill provides:

  • Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data;
  • A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security; and
  • A requirement that the government ensure sensitive data is protected when the government hires  third-party contractors.

This act would also require, under threat of fine or imprisonment, that businesses and agencies notify affected individuals of a security breach by mail, telephone or email  “without unreasonable delay.” Media notices would be required for breaches involving 5,000 or more people.  The FBI and the Secret Service would need to be notified if the breach affects 10,000 or more people, compromises databases containing the information of one million or more people, or impacts federal databases or law enforcement.

But that’s not the only security bill that has businesses concerned.

In the House, Rep. Mary Bono Mack (R-Ca) is holding hearings in preparation of a bill she’s named The SAFE (Secure and Fortify) Data Act that would also require “reasonable security policies and procedures” to protect consumers and enable disclosures to victims and the Federal Trade Commission within 48 hours of a data breach.

Companies no longer viewed as the victims

All this sounds good from the consumer’s point of view. But what about the expense – and potential Linoma Software GoAnywhere Managed File Transfer Solutionpenalties – suffered by the “owners” of the data: the businesses themselves?

While these bills may address the public’s interest for notification — and indeed they would bring some semblance of a national standard – they also represent an interesting shift in the liabilities that companies will face.  How is that?

Though we currently have no federal data breach notification law, federal policies now view the companies that experience a data breach as the victims of crime. However, under the proposed legislative bills, companies that do not act quickly to appropriately secure the personal data of customers – or fail to report a data breach in a reasonable amount of time – would not only suffer the theft of data, but also be held liable for its loss.

This is a significant shift. Companies are now being viewed not as the owners of consumer data, but merely guardians and trustees whose job it is to protect that data or face criminal penalties. And the message is clear: if companies won’t take adequate precautions to secure the sensitive data of our customers, they’ll pay a hefty price.

Where does your company stand?

In a world in which diligent hackers have the power break into seemingly secure networks and systems, what can your company do?

The challenge is first to determine exactly what qualifies as adequate precautions.

GoAnywhere Secure Managed File Transfer A review of the HIPAA HITECH security provisions that took effect last year provides some insight about what the government considers adequate protection.

HITECH strongly recommends the use of encryption technology. Encryption is a good place for your company to start, especially when dealing with the data your company stores on its servers.  If sensitive data itself is kept securely encrypted, a data breach doesn’t expose the content of the information itself.

Secure managed file transfer protocols – which send data using encryption – is the second place to focus attention.

If data is encrypted when it is being securely transmitted between business partners, the value of that data should it be breached – through hacking, theft, or other malicious actions – is worthless.  Encryption and secure managed file transfers can dramatically minimize the holes of technical breaches, significantly reducing an organization’s liability.

Preventing exposure

The Citigroup data breach has rekindled the momentum for a nationwide, cross-industry data breach reporting standard. This standard will not to eliminate the physical breaches themselves. What’s needed is legislation to encourage companies secure the underlying data that is the target of the hackers.

Isn’t it time for your company to take a serious look at its liabilities and to investigate how encryption and managed file transfers can close these important security holes?

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website

Managed File Transfer Streamlines HIPAA/HITECH Complexity

Posted by on Monday, 9 May, 2011

Managed File Transfer (MFT) systems are great for policy enforcement, access authentication, risk reduction, and more. But for HIPAA and HITECH requirements, MFT shines as a work-flow automation tool.

MFT as the B2B Enabler

It shines because Managed File Transfer systems are actually automation platforms that can help companies streamline the secure transfer of data between business partners. How? It removes many of the configuration steps traditionally required for complex Business-to-Business (B2B) processes, keeping it straightforward and manageable.

Transferring patient information is a difficult challenge which many healthcare institutions are facing. Data standards were supposed to simplify this communication between healthcare institutions and their partners. But ask any technical professional about the underlying variability of data formats, and you’ll hear a tale of potential confusion and complexity.

Nightmares of Compliance

The HITECH regulations within HIPAA require the security and privacy of healthcare records, strongly suggesting the use of data encryption. These records may travel between various healthcare-related partners including hospitals, clinics, payment processors and insurers. Each partner may require their own unique data format, and each may prefer a different encryption technique or transport protocol.

Considering these differing requirements, adding each new trading partner has traditionally needed the attention of in-house programming or manual processes, which has become hugely inefficient. Furthermore, if the new trading partner is not implemented properly, this can also create the potential for errors that may lead to data exposures. Any exposures could move the healthcare institution out of HIPAA/HITECH compliance and may cost them severely.

Simplifying and Integrating Information Transfer

A Managed File Transfer (MFT) solution can significantly reduce the potential for errors and automate those processes. With a good MFT solution, any authorized personnel should be able to quickly build transfer configurations for each healthcare business partner. This should allow for quick selection of strong encryption methods (e.g. Open PGP, SFTP, FTPS, HTTPS) based on the partner’s requirements, so that HITECH requirements are maintained. At the same time, a MFT solution creates a visible audit trail to ensure that compliance is sustained.

But, perhaps just as important, a good Managed File Transfer solution is constructed as a modular tool that can be easily integrated into existing software suites and workflow processes. In fact, a good MFT is like a plug-able transfer platform that brings the variability of all kinds of B2B communications under real management.

Now extend the MFT concept beyond the healthcare business sector, into manufacturing, finance, distribution, etc. Suddenly MFT isn’t a niche’ utility, but a productivity and automation tool that has myriad uses in multiple B2B environments.

A Day-to-day Technical Solution

Perhaps this is why the Gartner Group has identified Managed File Transfer as one of the key technologies that will propel businesses in the coming years. It’s more than just a utility suite: It’s a system that can be utilized over and over as an integral part of an organization’s solutions to automate and secure B2B relationships. In other words, MFT isn’t just for specialized compliance requirements, but a lynch-pin of efficient B2B communications technology that can bring real cost savings to every organization.

Healthcare Case Study Utilizing a MFT Solution: Bristol Hospital Takes No Risks with Sensitive Data

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website