|
The US Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. As part of the act, Congress called for regulations promoting administrative simplification of healthcare transactions as well as regulations ensuring the privacy and security of patient information.
While HIPAA does not specifically refer to application acceleration solutions, it does state that all entities must use “network controls to protect sensitive communication that is transmitted electronically over open or private networks so that it cannot be easily intercepted and interpreted by parties other than the intended recipient.” Application acceleration products naturally fall into this category.
There are no specific criteria that make network infrastructure “compliant” with the HIPAA act. In fact, the authors of the legislation stated, “the standard does not address the extent to which a particular entity should implement the specific features. Instead, we would require that each affected entity assess its own security needs and risks and devise, implement, and maintain appropriate security to address its business requirements.”
However, the security standard within the act (142.308) does provide some high level areas of concentration for healthcare institutions to address. These include:
- Access control
- Encryption
- Authorization
- Alarm Generation/Event Reporting
- Authentication
- Audit Controls
The Benefits of Infrastructure Centralization
The centralization of branch office servers and storage enables enterprises to better secure business information. By consolidating IT infrastructure within a select number of purpose-built data centers, enterprises can protect vital business resources through tight physical security and well-defined access procedures. In addition, when sensitive information is consolidated within a select number of servers, IT staff can better enforce proper password protection, implement appropriate security mechanisms (e.g., firewalls and antivirus programs), and ensure that all infrastructure is equipped with the latest software patches. It is much more difficult to enforce these types of security safeguards, and audit their effectiveness, when data is stored in numerous locations with limited IT staff, such as doctors’ offices and clinics.
By making server centralization a reality, Silver Peak is an indispensable tool for healthcare institutions looking to improve application delivery while maximizing data security through infrastructure consolidation.
The Need for Strong Encryption
Many application acceleration solutions improve application delivery by delivering pertinent information via local appliances. As these appliances store information in a proprietary fashion, they are inherently more secure than local servers. To further mitigate the risk of unauthorized access to this information, Silver Peak also uses 128 bit Advanced Encryption Standard (AES) to encrypt all information stored in an NX Series appliance’s local data store. This encryption is done in hardware so as not to adversely impact the performance of the appliance.
Silver Peak also supports optional IPsec tunneling (using 128 bit AES encryption) between NX Series appliances. This ensures that data remains completely safe from unauthorized access when traversing the WAN, as does all communications between appliances.
Additional Silver Peak Benefits
Silver Peak NX Series Appliances provide additional layers of security that address the security requirements outlined in HIPAA. These include:
Authentication, Authorization and Access Control
- TACACS+ and RADIUS support prevent unauthorized devices from accessing Silver Peak NX Series appliances
- Unique username/password combinations for controlled administrative access
- Secure interfaces on all management consoles
Reporting/Auditing
- Detailed alarm generation
- Trending reports, syslogs, session logs, and SNMP traps for historical analysis and auditing
- Historical record keeping for a variety of traffic flows, including application analysis and specific LAN-to-WAN mappings
- Data can be exported via industry standard formats (e.g., Netflow) for external manipulation and storage
HIPAA Friendly Application Acceleration
By enabling server centralization, Silver Peak helps healthcare institutions secure sensitive resources. In addition, Silver Peak NX Series appliances offer a variety of security options to protect data as it is delivered across a distributed enterprise.
Hospitals, clinics, and other care-giving facilities can chose which security practices best fit their own unique requirements. Regardless of the applications, platforms, and policies in place, Silver Peak ensures that sensitive communications are always protected in accordance with HIPAA guidelines.
|
