- HIPAA PHI
- NRC SGI
- FDA 21CFR Part 11
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA), enacted into law by Congress in 1996, contains regulations regarding the handling of protected health information (PHI). Compliance with HIPAA guidelines on patient privacy (the Privacy Rule) became mandatory on April 14, 2003.
ISC helps covered organizations (health care providers, health plans, health care and insurance clearinghouses, etc.) safeguard their sensitive electronic health information. Our products can be used to securely store, maintain, and transmit PHI. When used properly, encryption and certificates (also known as "digital IDs") provide effective means of limiting access to PHI to authorized health care professionals.
Reference: NIST Special Publication 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, U.S. Department of Commerce, March 2005.
ISC Solutions Addressing HIPAA Requirements
| HIPAA Requirement | ISC Solutions |
| --- | --- |
| Authentication | CertAgent X.509 certificate management system; CDK cryptographic libraries |
| Access Control | CertAgent X.509 certificate management system; CDK cryptographic libraries |
| Data Integrity and Confidentiality | SecretAgent encryption and digital signature software; CertAgent X.509 certificate management system |
| Data Transmission Security | SecretAgent encryption and digital signature software; CDK cryptographic libraries |
| Audit Trails | SecretAgent and CertAgent offer extensive logging and reporting facilities to track all security-related operations |
How SecretAgent Can Help Address HIPAA Requirements
SecretAgent allows covered organizations to securely exchange PHI via e-mail or other file transfer mechanisms (FTP, HTTP, etc.). SecretAgent supports all federally-approved security protocols for file encryption and is based on ISC's FIPS 140-1 validated cryptographic engine. Interoperable versions of SecretAgent are available on all popular computing platforms.
SecretAgent is extremely economical for secure data transfers in a single direction, such as from a hospital to an insurance clearinghouse. Only the sending entity needs to purchase a SecretAgent license; the receiving party can use the free SA5Reader application to decrypt incoming data. (A key pair can be generated for the receiving party by the sender, or the receiver can purchase an X.509 certificate from ISC for a nominal fee, currently $10/yr.)
Related Information
HIPAA is interpreted and enforced by the Department of Health and Human Services' Office of Civil Rights, and the Centers for Medicare & Medicaid Services. An HHS website devoted to Privacy and Security matters and providing links to final Privacy Rules published in the Federal Register is here.
NRC Regulations Regarding SGI
At the end of 2004 the US Nuclear Regulatory Commission published an immediately effective order and a proposed rule that affects “All Licensees Who Possess Radioactive Material in Quantities of Concern and All Other Persons Who Obtain Safeguards Information.” These new regulations impose strict requirements on the protection of information that concerns the safeguarding of radioactive materials.
For information regarding the secure handling of SGI and SGI-M information using ISC products, visit:
This page contains brief descriptions and links to related information for some recent Federal security regulations.

