HIPAA compliance using serial ATA.


HIPAA compliance is much more than a mandate to digitize medical files in standard, auditable, and readily accessible formats. It is much more than centralized software combined with digital imaging and document input solutions. HIPAA compliance at its core is going to be secured by the libraries of storage that will serve and archive billions of files.

What do today's government regulations require from IT professionals? What are the best solutions available for meeting those requirements in times of constrained budgets and increasing business requirements? More specifically, what technologies are best suited to help IT professionals meet those requirements while maintaining or improving committed service levels?

HIPAA compliance will require RAID storage that can provide petabytes of readily available, affordable, reliable, performance storage--attributes now associated with SATA (Serial ATA) RAID.

SATA offers increased performance, data protection features such as hot plug capability, signal integrity, easier integration based on reduced pin count, lower voltage requirements and improved cable and connector plants. The availability of sophisticated RAID solutions based on SATA enhances the inherent applicability of SATA to the issues of regulatory compliance and makes it a compelling technology for satisfying HIPAA compliance requirements.

In a period of flat or shrinking IT budgets and heightened scrutiny of medical costs, the additional federal requirements for standardization, protection and auditability of individually identifiable health data and metadata will force some difficult choices for IT managers in environments required to comply with the provisions of the Health Insurance Portability and Accountability Act of 1996.

WHAT IS HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) places significant requirements on holders of medical information to safeguard, and be able to document the safeguarding of that information. These regulations specify what patient information must be kept private; how companies must secure the information; and the standards for electronic communication between medical providers and insurance companies.

WHAT INFORMATION IS COVERED?

HIPAA requires organizations and individuals to protect a subset of individually identifiable health information, known as protected health information, or PHI, that is held or maintained by covered entities or their business associates acting for the covered entity.

WHAT COMPANIES MAY BE AFFECTED?

Companies likely to be covered under HIPAA range across the health care or health-care-related business segments such as medical providers, insurance companies, claims clearinghouses, and employers that self-insure workers' health benefits. These companies are referred to in the Act as "Covered Entities".

Covered entities are defined as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other health care providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.

The Act also defines Hybrid Entities like universities with teaching hospitals or employee health plans managed in-house, where a part of the entity may fall under HIPAA regulations.

The third major category of organization potentially affected by HIPAA is defined as the "Business Associate" of a Covered Entity. A Business Associate can be a person or entity who performs or assists in the performance of activities such as data analysis, claims processing or administration, utilization review, and quality assurance reviews. Think of outsourcing claims payments, or processing, or your company's Storage Services Provider, where your employee accident and injury or health benefit records are stored.

WHAT NEEDS TO BE DONE?

In order to comply with HIPAA, it appears that the following general activities need to be accomplished:

* PHI data must be backed up on a periodic basis.

* There must be an 'audit trail' for backed up data that leaves the facility.

* Access to backup media must be restricted to authorized personnel only.

* There must be a backup plan and disaster recovery plan in place.

* Data must be "a retrievable, exact copy".

Much PHI originates in a Point of Contact (POC) model and is stored in a variety of formats on a variety of devices in a heterogeneous collection of DAS, NAS and SAN storage environments. This means PHI could originate in the field, at a secure location in desktop applications, or as a record created directly to a live corporate database or to a replicated database for later aggregation. Because this information often carries critical weight in a healthcare as well as business sense, it is stored on the best available premium equipment. That impulse is only strengthened by the pressure of regulatory compliance placed on IT officers in organizations covered by HIPAA.

So the varying ways in which PHI can enter a covered entity, the varying formats and record contents, the desire to store, protect and recover PHI, all in an economic climate of flat to declining IT budgets and tightening scrutiny of medical costs, create a strong demand for storage technology that is fast, flexible, reliable, inexpensive and scalable.

SERIAL ATA IS THE ANSWER

One of the best solutions lies in today's emerging Serial IO Technologies currently making their way into commercial application. SATA has several characteristics that make it an appropriate technology to build a compliance strategy around for HIPAA and other legal requirements currently in place, while responding to the normal pressures of business requirements on IT infrastructure.

Serial storage architectures support flexible configurations, enabling an assortment of system connection options that help improve system performance and have the high availability feature set required to protect data. SATA was created to introduce technical enhancements over older technologies in the areas of hot plug capability, signal integrity, reduced pin count, reduced power requirements and improved cable and connector plants for smaller form factor drives.

SATA is a point-to-point interface protocol, designed for improved scalability at tremendous cost savings over today's Fibre Channel and parallel SCSI interfaces. Each device is directly connected to the host via a dedicated link. Each device, therefore, has the entire bandwidth dedicated to it, and there is no interaction between devices. This means that software can be streamlined, eliminating the overhead associated with coordinating accesses between the master and slave device sharing the same cable.

SATA architecture changes the physical interface layer only. It conforms to the ATA-PI command set, which is the standard used on hundreds of millions of drives. It maintains register and software compatibility with Parallel ATA. No device driver changes are necessary and the SATA architecture is transparent to the BIOS and the operating system. This means SATA is 100 percent software compatible with IDE drives, ensuring a smooth transition from software and driver perspectives, reducing or eliminating data migration costs associated with rewriting drives and re-qualifying software, and allowing existing operating systems to work seamlessly with SATA drives.

With its volume potential replacing IDE drives, it is believed that the cost of SATA drives will be at parity with IDE drives, which is one third or less than that of today's SCSI or FC drives. Industry analysts currently project that two thirds of all hard drives shipped in 2007 for multi-user applications will be serial. This equates to approximately 24 million units.

In addition to direct attached storage for notebooks, desktops, workstations, and servers, SATA drives will be implemented as network storage with target applications such as large data farms, imaging, video storage, near-line storage, and high-performance back-up, all of which could be appropriate uses in support of an organization's efforts to comply with HIPAA requirements.

The current generation of SATA runs at a data rate of 150 MB/sec, and the second generation of SATA is 300 MB/sec and will be introduced in the year 2004, followed by 600 MB/sec in the year 2007, roughly 3 years apart for each generation.

SATA enjoys strong support from the industry, making it a safe technology to consider for desktop, department and data center applications, whether the application is driven by business needs or regulatory requirements. The feature set available on SATA storage products today delivers the type of performance and data protection that are required for enterprise-critical applications, including enclosure management, error handling/reporting (SMART), hot plug capability, tagged command queuing, and dual path capability. With all of its inherent benefits, including price, performance and scalability, SATA storage technology will be the realistic remedy to the emerging HIPAA headache.

Barbara Murphy is vice president marketing at AMCC, San Diego, CA

www.amss.com
COPYRIGHT 2005 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Title Annotation:Connectivity; Health Insurance Portability and Accountability Act of 1996
Author:Murphy, Barbara
Publication:Computer Technology Review
Geographic Code:1USA
Date:Jun 1, 2005
Words:1401