Randtronics Logo

Encrypting health records

Patented next generation health encryption

HIPAA Security Rule and HITECH compliance requires implementation of a mechanism to protect all electronic protected health information (ePHI). The HITECH Act requires the disclosure of data breaches of “unprotected” (unencrypted) personal health records (PHR), including those by business associates, vendors and related entities. Source.

To determine when information is “unsecured” and notification is required by the HHS and FTC rules, HHS is issuing an update to its guidance. This update to regulations specifies encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals.
Entities subject to the HHS and FTC regulations that secure health information as specified by the guidance through encryption or destruction are relieved from having to notify in the event of a breach of such information.

Best Practice Guidelines recommended by security experts for data at rest, transmission & sharing:

Encryption – Data that is encrypted is “Out of scope of the Law”. De-identification, access controls, key management, policy based, auditing and monitoring. Whilst there are many frameworks such as PCI DSS or ISO27001 or others many like the PCI DSS due to its prescriptive guidance.

Overall goals for organizations when implementing solution:

  • Protect all 18 categories of ePHI data.
  • Install solutions in a way that does not change business processes or require user re-training.
  • Reduce initial and recurring compliance costs.
  • Reduce operational costs.
  • Ensure potential for security depth scaling as compliance requirements change
  1. Name
  2. Address, City, County, ZIP Code
  3. Elements of dates
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. SSN
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers
  13. Device identifiers
  14. URLs
  15. IP Address
  16. Biometric identifiers
  17. Full face images
  18. Any other unique identifying data
Further reading:
HealthCare Data Protection

Latest news and articles

Goodbye, Tina Turner

Sad news this week that the Queen of Rock ‘n’ Roll has exited the stage. Many of us at the Randtronics team grew up hearing

Read More
May 25, 2023
VIEW ALL

Our Customers

Logos
Logos2
Logos3
Logos4
Logos5
Logos6
Logos7
Logos8

Contact us today and see how we can protect your business.

A business that only encrypts its data is more secure than one that only does everything else…

CONTACT US TO DISCUSS YOUR ENCRYPTION REQUIREMENTS
Quick Links
Randtronics LLC
  • Milpitas CA 95035 United States
  • +1 (650) 241 2671
  • enquiry@randtronics.com
Randtronics Pty Limited
  • S1.1, Level 1, Building A 64 Talavera Road North Ryde, NSW 2113 Australia
  • +61 418 226 234
Stay Connected
Randtronics Logo
Facebook-f Twitter Linkedin-in Instagram Youtube
Randtronics © 2002 – 2021, All rights reserved.

Letter from the CEO

Rantronics Logo

Thank you for visiting the Randtronics website.

We make enterprise encryption easy.

Smart businesses already know that only encryption can reduce the attack surface and stop the hackers from stealing their sensitive data. A company that only uses encryption is more secure than a company with all other cyber security measures. Privacy standards such as PCI DSS, HIPAA, and GDPR are all mandating in law the protection of the citizen’s personal data. Fines for breaches are huge. You won’t get fined if your firewall is hacked. You won’t get fined if you suffer a virus or ransomware attack. You WILL get fined if you lose ANY personal data pertaining to ANY citizen. The lowest common denominator is the DATA. Data that is “Encrypted” is out of the scope of the Law.

Whilst all understand the need to protect sensitive data holistically (such as NIST Cyber Security Framework or 12 prescriptive PCI DSS guidelines) their cyber security priorities are misguided to say easy aspects and not addressing “what happens” when these fail? Encryption of data is the only direct protection measure that renders data unreadable compared to upgrading firewalls or virus and malware, IPS, log monitoring, etc. I am saying you need all methods but unless you have implemented enterprise grade encryption you are still unprotected like driving a car without “seatbelts”. “Enterprise grade encryption” as a cyber measure is the “seat belt” that saves lives in car accidents. Industry experts predict a relentless continuation of data breaches this year and penetration testing have proven perimeter defense is easily penetrable.

Randtronics has taken the challenge to make encryption easy and is innovating in many areas. We have already reduced deployment effort to days, use familiar standard components so that less skilled people can deploy and maintain systems.
I welcome discussions via email or phone as through your feedback we will be challenged to continue to innovate to the point where businesses and users do not need to be intimidated when using encryption as the worlds most powerful tool to protect their sensitive data.

Experts predict data breaches will continue at relentless pace, let Randtronics secure your business with “Enterprise grade ubiquitous encryption technology”. Time is of the essence. Why not be pro-active? I invite you to let Randtronics and its global distributors and resellers assess and assist your business directly.

Yours sincerely,
Bob K Adhar, BE, MBA, CISSP
Founder and CEO