Solutions by Compliance Initiative
Solutions Designed to Meet Specific Compliance Requirements and Industry Mandates
There are over 100 different regulations pertaining to data protection and security. Major regulations, mandates, and security standards such as PCI DSS, HIPAA, HITECH Act, OMB M-06-16, and FIPS 140 have caused organizations to become actively engaged in finding a security solution.
Internal policies, industry mandates, and government regulations demand strong protection of sensitive data. Non-compliance results in considerable fines and penalties—over $214 per record—averaging over $7.2 million per data breach.
SecureZIP strongly encrypts data using passphrases, digital certificates, or both. It allows you to meet compliance requirements while eliminating the risks of a data breach such as substantial fines, negative publicity, and damage to your reputation.
SecureZIP has helped thousands of organizations meet various data security standards and compliance requirements, including:
PCI DSS Compliance
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements used to increase control around information security. The set of security standards was originally developed by members of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. International. The PCI DSS requirements are grouped under six overarching objectives:
- Building and maintaining a secure network
- Protecting cardholder data
- Maintaining a vulnerability management program
- Implementing strong access control measures
- Regularly monitoring and testing networks
- Maintaining an information security policy
The PCI DSS was developed to help organizations proactively protect customer account data. It includes requirements for security management, policies, procedures, network architecture, software design, and others. Read more about PCI DSS by visiting: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
How does PCI DSS affect my organization?
PCI DSS requires all organizations that handle customer credit card data, regardless of size, to meet its requirements. It is the responsibility of the organization to achieve, demonstrate, and maintain PCI compliance at all times. Compliance is assessed annually, and organizations that fail to meet PCI DSS compliance requirements face audits, fines, and/or loss of their ability to process credit card payments.
How does SecureZIP help meet PCI DSS compliance requirements?
SecureZIP by PKWARE helps organizations meet PCI compliance requirements by:
- Protecting stored data
- Protecting data in transit
- Strongly encrypting sensitive data
- Enforcing organizational security policies
Customer Success: PCI DSS Compliance with SecureZIP for z/OS
Several retailers use SecureZIP for z/OS to meet PCI DSS compliance requirements. After experiencing a data breach, one of the nation’s leading retailers knew they needed to find a data security solution that would meet PCI compliance requirements. To learn more about how this retailer is leveraging SecureZIP to securely transfer purchase transactions from hundreds of individual stores to their corporate headquarters, read the customer success story here.
To learn even more about how SecureZIP can help meet PCI DSS compliance requirements, click here.
HITECH Act Compliance
What is the HITECH Act?
In February of 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act went into effect. The HITECH Act applies to “HIPAA covered entities and their business associates that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured protected health information…”
The various information security segments of the HITECH Act were developed to help organizations that handle Personal Health Information (PHI) prevent fraud, hacking, and other security threats by leveraging technology that can be used to render PHI unusable to unauthorized individuals. For more information about the HITECH Act, please visit: https://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/guidance_breachnotice.html
How does the HITECH Act affect my organization?
Any business associates of HIPAA-covered entities who provide transmission of protected health information and/or require access to that information are required to comply with regulations established by the HITECH Act. In addition, Personal Health Record (PHR) vendors who have contracts with entities covered by the HITECH Act are also required to meet HITECH Act compliance requirements. Entities required to meet HITECH Act compliance requirements include:
- Medical transcriptionists
- Contracted lab and radiology departments
- Third-party billing agencies
- Hospital couriers
- Collection agencies
- Pharmacies with hospital contracts
- Off-site storage facilities
How does SecureZIP help meet HITECH Act compliance requirements?
Because SecureZIP encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit. Because of its strong encryption, SecureZIP meets FIPS 140-2 requirements, a key component of the HITECH Act. SecureZIP also provides encryption processes for data at rest that are consistent with NIST guidelines. For more information on how SecureZIP helps address HITECH Act compliance requirements, please read our HITECH Act Solution Brief.
Customer Success Story: HITECH Act Compliance
One of the nation’s largest Medicare administrators used SecureZIP to not only meet HITECH Act compliance requirements, but to exchange data securely with outside business partners. To learn more, please download the Gartner Case Study: CMS Data-sharing Project Highlights the Benefits of a Multi-platform Approach.
In addition to meeting the requirements outlined by the HITECH Act, SecureZIP helps solve several other data security issues that organizations are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.
OMB M-06-16 Compliance
What is OMB M-06-16?
OMB M-06-16 is a memorandum issued by the United States Office of Management and Budget (OMB) outlining the recommended actions for all federal departments and agencies to properly safeguard information assets. It specifically directs all federal agencies and departments to "encrypt all data on mobile computers/devices..."
The recommendations within OMB M-06-16 are in addition to the recommendations supplied by the National Institute of Standards and Technology (NIST) for the protection of remote information. Read more about OMB M-06-16 by downloading the document found here: https://www.whitehouse.gov/OMB/memoranda/fy2006/m06-19.pdf
How does OMB M-06-16 affect my organization?
OMB M-06-16 requires all federal government agencies and departments to secure sensitive information that is accessed remotely or stored off-site. This includes information that is physically transported outside of an agency’s perimeter, including information transported on removable media (e.g., CDs, DVDs, flash drives) and portable mobile devices (e.g., laptops). OMB M-06-16 also applies to sensitive information shared with outside organizations.
Therefore, if you are an agency or department that handles any type of sensitive information, such as Personally Identifiable Information (PII) or Personal Health Information (PHI), you need to ensure your method of protecting that information meets OMB M-06-16 compliance requirements.
How does SecureZIP help meet OMB M-06-16 compliance requirements?
SecureZIP by PKWARE fully addresses the recommendations outlined in OMB M-06-16 by strongly encrypting data to ensure it remains protected at its origin and destination, both in motion and at rest. Because SecureZIP encrypts the data itself rather than the storage device, it remains protected even if placed on removable media that is lost or stolen during transit.
Customer Success Story: OMB M-06-16 Compliance Case Study
The Centers for Medicare & Medicaid Services (CMS) is using SecureZIP PartnerLink not only to meet OMB M-06-16 and FIPS 140-2 compliance requirements, but also to securely exchange sensitive information with hundreds of external partners, including other federal/state/local government agencies, research labs, universities, and large corporations. To learn more about how CMS is leveraging SecureZIP PartnerLink, please download the Gartner Case Study: CMS Data-Sharing Project Highlights the Benefits of a Multi-platform Approach.
In addition to meeting the recommendations outlined in OMB M-06-16, SecureZIP helps solve several other data security issues that government agencies are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.
HIPAA Compliance
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established a set of security standards used to protect the confidentiality of Personal Health Information (PHI). Recent regulations and mandates from the Department of Health and Human Services apply to HIPAA covered entities and any of their business associates that “access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured PHI.”
In addition to protecting medical records, prescription details, and personal information, the standards outlined in HIPAA are meant to improve the efficiency and effectiveness of the U.S. healthcare system by encouraging the use of electronic data exchange. To learn more about HIPAA and other health information privacy requirements, please visit: https://www.hhs.gov/ocr/privacy/
How does HIPAA affect my organization?
To improve the efficiency and effectiveness of the healthcare industry, vast amounts of patient information are being handled electronically, and with that comes an increased need for stronger data security. Patient information privacy laws, such as HIPAA, require that Protected Health Information (PHI) remain secure at all times. If your organization is responsible for handling any amount of PHI, you may be required to meet HIPAA compliance requirements. If you are a business associate of a HIPAA-covered entity, the more recent Health Information Technology for Economic and Clinical Health (HITECH) Act also applies to you; learn more about the HITECH Act by clicking here.
SecureZIP offers government agencies the ability to use validated cryptographic modules for protecting data when run in FIPS mode.
| FIPS Validation | Cert # | FIPS Level |
|---|---|---|
| Java JRE 6 | 1502 | 140-2 |
| Android (coming soon) | 1502 | 140-2 |
| Z990, z890, Z9EC, z9BC, z10EC, z10BC | 661 | 140-2 |
| Z990, z890, Z9EC, z9BC, z10EC, z10BC, z196, z114, zEC12 | 1505 | 140-2 |
How does the PKWARE Solution help meet HIPAA compliance requirements?
The PKWARE Solution reduces the risk of data being lost or stolen as it is transferred among doctors’ offices, labs, hospitals, and billing departments. It helps organizations meet HIPAA compliance requirements using algorithms validated against the NIST FIPS 140-2 encryption standard. Encrypted data remains protected at its origin and destination, both in motion and at rest. Because the PKWARE Solution encrypts the data itself rather than the storage device, the data remains protected even if placed on removable media that is lost or stolen during transit.
Customer Success Story: HIPAA Compliance Case Study
The Centers for Medicare & Medicaid Services (CMS), which enforces HIPAA regulations, uses SecureZIP PartnerLink not only to meet compliance requirements, but also to securely exchange sensitive information with hundreds of external partners, including other federal/state/local government agencies, research labs, universities, and large corporations. To learn more about how CMS is leveraging SecureZIP PartnerLink, please download the Case Study: CMS Data-Sharing Project Highlights the Benefits of a Multi-platform Approach.
In addition to meeting the standards outlined within HIPAA, SecureZIP helps solve several other data security issues that government agencies are facing. To learn more about how SecureZIP can help solve specific government data security issues and to access case studies and other resources, click here.