Awk & Helpful
I've done some searches and can't find anything internally on keywords, Wave, Trusted PC's, Embassy, etc. There is significant mention of computing and services "at the edge", but I just can't find any connections at this time. This is on HIPPA. You all are more able than I to interpret the implications of these solutions: (COE means PC's in EDS-speak)
EDS secure solutions comply with HIPAA Security Rule
26 Apr 2005
• COE Secure Solutions
• HIPAA Security & Privacy
EDS recently implemented changes to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which went into effect April 20, 2005.
HIPAA, a United States law passed in 1996, establishes requirements for health care organizations and their associates to protect the confidentiality, integrity and availability of individually identifiable healthcare information when it is electronically processed, stored or transmitted. This information is referred to as “electronic protected health information” or “ePHI.”
EDS’ obligations to HIPAA are largely through our client contracts in the health care industry. To better serve those clients and our internal needs, EDS has enhanced its security processes and capabilities.
The EDS healthcare account teams have enhanced their application systems to protect ePHI that EDS processes on behalf of our clients. At the same time, a cross-functional team of EDS and alliance partners worked together to provide enhanced capabilities to allow EDS’ workforce to protect ePHI.
Workforce solutions to secure electronic protected health information
The EDS secure solutions are targeted for individuals supporting healthcare accounts typically using COE workstations connected to the EDS intranet, either locally or through the EDS virtual private network (VPN). Four enhanced capabilities are being provided.
Secure e-mail
Secure e-mail enables the ability to send and receive ePHI with clients, partners or other EDS Exchange users in a protected manner. Depending on the recipient of the e-mail message, several options are available:
EDS has implemented a publicly signed S/MIME mail capability to enable the EDS workforce to send and receive encrypted e-mail internally and for mail exchange with S/MIME enabled clients and partners.
EDS will continue to use ZixMail, from ZixCorp, to send encrypted e-mail to non-EDS recipients who do not have secure mail capability. ZixMail enables recipients to retrieve e-mails from a public server in a secure Web browser session. This method benefits our clients by not requiring a ZixMail license to receive secure e-mail from EDS.
Secure file storage
Secure file storage safely stores ePHI on a workstation or a COE file server in encrypted files. EDS is implementing two solutions for secure file storage.
EDS is implementing Mobile Guardian, from Credant Technologies, to encrypt files stored on workstation hard drives. Credant has the benefit of enabling access to these files even when a laptop is not actively connected to the EDS network.
For protecting files stored on shared drives, such as the COE file servers, EDS is using CoreGuard, from Vormetric, Inc.
Secure remote access
Secure remote access protects logon sessions between EDS workstations and healthcare application servers and complements the EDS VPN solution used to connect remotely to the EDS infrastructure. The protection provided by the secure remote access solution maintains the confidentiality of both logon credentials and ePHI data that may pass between the server and the workstation.
EDS is implementing a capability called the Application Secure Gateway (ASG), which is provided by Permeo Technologies. ASG enables secure sessions using SSL encryption, eliminating the need for additional software on workstations or servers and minimizing the need for network changes.
Secure personal file transfer
Secure personal file transfer enables the EDS workforce to exchange ePHI files using file transfer protocol (FTP) with SSL encrypted logon sessions provided by the ASG capability, as well as secure log on to the FTP service for both “put” and “get” functions. Additionally, the CoreGuard capability used in secure file storage will be used to protect ePHI files when stored on the FTP server.
AI
