OMB M-06-16 Compliance

What is OMB M-06-16?

OMB M-06-16 is a memorandum issued by the United States Office of Management and Budget (OMB) outlining the recommended actions for all federal departments and agencies to properly safeguard information assets. It specifically directs all federal agencies and departments to "encrypt all data on mobile computers/devices..."

The recommendations within OMB M-06-16 are in addition to the recommendations supplied by the National Institute of Standards and Technology (NIST) for the protection of remote information. Read more about OMB M-06-16 by downloading the document found here: http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-19.pdf

How does OMB M-06-16 affect my organization?

OMB M-06-16 requires all federal government agencies and departments to secure sensitive information that is accessed remotely or stored off-site. This includes information that is physically transported outside of an agency’s perimeter, including information transported on removable media (e.g., CDs, DVDs, flash drives) and portable mobile devices (e.g., laptops). OMB M-06-16 also applies to sensitive information shared with outside organizations.

Therefore, if you are an agency or department that handles any type of sensitive information, such as Personally Identifiable Information (PII) or Personal Health Information (PHI), you need to ensure your method of protecting that information meets OMB M-06-16 compliance requirements.

How does SecureZIP help meet OMB M-06-16 compliance requirements?

SecureZIP by PKWARE fully addresses the recommendations outlined in OMB M-06-16 by strongly encrypting data to ensure it remains protected at its origin or destination, both in movement or storage. Because SecureZIP encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit.

Customer Success Story: OMB M-06-16 Compliance Case Study

The Centers for Medicare & Medicaid Services (CMS) is using SecureZIP PartnerLink not only to meet OMB M-06-16 and FIPS 140-2 compliance requirements, but also to securely exchange sensitive information with hundreds of external partners, including other federal/state/local government agencies, research labs, universities, and large corporations. To learn more about how CMS is leveraging SecureZIP PartnerLink, please download the Gartner Case Study: CMS Data-Sharing Project Highlights the Benefits of a Multi-platform Approach.

In addition to meeting the recommendations outlined in OMB M-06-16, SecureZIP helps solve several other data security issues that government agencies are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.

HIPAA Compliance

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established a set of security standards used to protect the confidentiality of Personal Health Information (PHI). Recent regulations and mandates from the Department of Health and Human Services apply to HIPAA covered entities and any of their business associates that “access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured PHI.”

In addition to protecting medical records, prescription details, and personal information, the standards outlined in HIPAA are meant to improve the efficiency and effectiveness of the U.S. healthcare system by encouraging the use of electronic data exchange. To learn more about HIPAA and other health information privacy requirements, please visit: http://www.hhs.gov/ocr/privacy/

How does HIPAA affect my organization?

To improve the efficiency and effectiveness of the healthcare industry, vast amounts of patient information are being handled electronically. Therefore, there is an increased need for stronger data security. Patient information privacy laws, such as HIPAA, require that Protected Health Information (PHI) remain secure at all times. If your organization is responsible for handling any amount of PHI, you may be required to meet HIPAA compliance requirements. Or, if you are an associate of a HIPAA-covered entity, the recent Health Information Technology for Economic and Clinical Health (HITECH) Act applies to you; learn more about the HITECH Act by clicking here.

SecureZIP offers government agencies the ability to use validated cryptographic modules for protecting data when run in FIPS mode.

*click here to view NIST's position on FIPS 140-1

How does SecureZIP help meet HIPAA compliance requirements?

SecureZIP by PKWARE reduces the risk of data being lost or stolen as it is transferred amongst doctors’ offices, labs, hospitals, and billing departments. It fully addresses HIPAA compliance by encrypting data to ensure it remains protected at its origin or destination, both in movement or storage. Because SecureZIP HIPAA compliance software encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit.

Customer Success Story: HIPAA Compliance Case Study

The Centers for Medicare & Medicaid Services (CMS), who enforces HIPAA regulations, uses SecureZIP PartnerLink not only to meet compliance requirements, but also to securely exchange sensitive information with hundreds of external partners, including other federal/state/local government agencies, research labs, universities, and large corporations. To learn more about how CMS is leveraging SecureZIP PartnerLink, please download the Case Study: CMS Data-Sharing Project Highlights the Benefits of a Multi-platform Approach.

In addition to meeting the standards outlined within HIPAA, SecureZIP helps solve several other data security issues that government agencies are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.

HITECH Act Compliance

What is the HITECH Act?

In February of 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect. The HITECH Act applies to “HIPAA covered entities and their business associates that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured protected health information…”

The various information security segments of the HITECH Act were developed to help organizations that handle Personal Health Information (PHI) prevent fraud, hacking, and other security threats by leveraging technology that can be used to render PHI unusable to unauthorized individuals. For more information about the HITECH Act, please visit: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/guidance_breachnotice.html

How does the HITECH Act affect my organization?

Any business associates of HIPAA-covered entities who provide transmission of protected health information and/or require access to that information are required to comply with regulations established by the HITECH Act. In addition, Personal Health Record (PHR) vendors who have contracts with entities covered by the HITECH Act are also required to meet HITECH Act compliance requirements. Entities required to meet HITECH Act compliance requirements include:

• Medical transcriptionists
• Contracted lab and radiology departments
• Third-party billing agencies
• Hospital couriers
• Collection agencies
• Pharmacies with hospital contracts
• Consultants
• Off-site storage facilities

How does SecureZIP help meet HITECH Act compliance requirements?

Because SecureZIP encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit. Because of its strong encryption, SecureZIP meets FIPS 140-2 requirements, a key component of the HITECH Act. SecureZIP also provides encryption processes for data at rest that are consistent with NIST guidelines. For more information on how SecureZIP helps address HITECH Act compliance requirements, please read our HITECH Act Solution Brief.

Customer Success Story: HITECH Act Compliance

One of the nation’s largest Medicare administrators used SecureZIP to not only meet HITECH Act compliance requirements, but to exchange data securely with outside business partners. To learn more, please download the Gartner Case Study: CMS Data-sharing Project Highlights the Benefits of a Multi-platform Approach.

In addition to meeting the requirements outlined by the HITECH Act, SecureZIP helps solve several other data security issues that organizations are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.

FIPS 140-2 Compliant Encryption

How does SecureZIP help meet FIPS 140-2 compliance standards?

PKWARE’s Solution fully addresses the standards outlined in FIPS 140-2 by strongly ENCRYPTING THE DATA ITSELF rather than the storage device.

Keeps Data Secure:

• In Movement or Storage
• At its Origin or Destination

Data remains protected even if placed on removable media that is lost or stolen during transit.

The PKWARE Solution offers government agencies the ability to use validated cryptographic modules for protecting data when run in FIPS mode:

*click here to view NIST's position on FIPS 140-1

PKWARE helps meet FIPS 140-2 compliance standards:

FIPS 140-2 requires all federal government agencies and departments that use cryptographic-based security systems to protect sensitive information to comply with the standards. Or, if you are an organization that does business with a government agency or department that requires the exchange of sensitive information, you also need to ensure you meet the FIPS 140-2 security standards. Additionally, FIPS 140-2 is becoming a general best practice outside of the government sector and outside of the United States.

Customer Success Story: FIPS 140-2 Compliant Encryption Case Study

The Centers for Medicare & Medicaid Services (CMS) is using SecureZIP PartnerLink not only to meet FIPS 140-2 standards, but also to securely exchange sensitive information with hundreds of external partners, including other federal/state/local government agencies, research labs, universities, and large corporations. To learn more about how CMS is leveraging SecureZIP PartnerLink, please download the CMS Case Study.

In addition to meeting the security standards outlined in FIPS 140-2, SecureZIP helps solve several other data security issues that government agencies are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.

What is FIPS 140-2?

FIPS 140-2 is the current version of the Federal Information Processing Standardization 140 (FIPS 140) publication that specifies requirements for cryptography modules. The National Institute of Standards and Technology (NIST) issued the FIPS 140 series to uphold the standards that describe the United States Federal Government requirements that IT products should meet.

Read more about FIPS 140 by downloading the document found here: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf