Enabling HIPAA Compliance
Born in August 1999, TrustData Solutions Corporation has already matured enough to take giant steps in the eSecurity arena. HIPAA experts agree TrustData’s solutions are probably the most advanced technology today for allowing companies to enable HIPAA compliance.
The San Jose-based company developed a Core Partner relationship with a company called InterTrustÆ Technologies Corporation and licensed its digital rights management eCommerce platform. From there, it has developed privacy software solutions that are implemented into customers’ existing infrastructure. Its products incorporate InterTrust’s MetaTrust Utility including an ASP (Application Service Provider) solution that allows ASPs to create a method by which they can conduct eCommerce in a secure and private environment.
And it’s ideal for enabling HIPAA compliance.
The ASP solution goes beyond protecting data as it travels from Point A to Point B in a network and continues to control the information at an end user’s desktop. “We can set intents that disable functions, such as cut/copy/paste; we can prevent printing (or enable printing); we can set a time period and deadline for viewing the information; and we can attach pricing models in order to view the information,” says Tony Chipelo, Executive Director; Business Development & e-Business strategies at TrustData.
The InterTrust technology uses a DigiBox, a digital container that was originally designed for the entertainment industry to protect the intellectual property rights of the musical artists. “The container allows the ASP to package business rules with the information content so that when it reaches its destination it is still encrypted for usage. The end user needs a special piece of software called an InterRights Point (IRP) to access the digital container. The IRP will authenticate who they are and under what rights and rules they can view or distribute the content,” Chipelo explains. In the HIPPA space, the rules engine also allows the ASP to de-identify personally identifiable healthcare information.
Using a clearinghouse infrastructure, the technology allows for the collection of usage data , providing a complete audit trail – online and offline – which allows the ASP to identify at a very granular level who has had access to the data, for what reasons and any security breaches that may have occurred. “Under the HIPAA provisions, that is going to be an incredibly important feature,” states Chipelo. “Although auditing is not a requirement of HIPAA, at some point in time, you may have to prove that a violation occurred or did not occur, should the government regulatory agencies decide to audit you for security and privacy purposes.”
Safe and Secure
TrustData’s secure email product, “Trusted Messaging”, offers the same level of security, auditability and data collection. The middleware plugs into a customer’s existing email application and enables the user to send messages in a format that allows rules as to who can view the message and what they can do with it (edit, print, save, forward, etc.) after they view it. In this way, it also protects patient identifiable information.
“Trusted Transport” is another TrustData solution that can be used in the Enterprise or ASP model. However, the method of delivery is different, usually an Internet portal, rather than an email application.
TrustData’s services also include project assessment, design customization, customer support, implementation and training. Beyond the healthcare industry, the company serves the financial services and government arenas.
Although TrustData Solutions is still a young company and is just now beginning to sign up Enterprise and ASP customers, two forward-thinking companies are on board with the TrustData concepts. Medicheck, Inc. (not an ASP), in Southern California, is in the implementation phase at the time of this writing. Its customers are physicians and provider groups who sign up to use Medicheck’s Web portal to check multiple databases and gather patient eligibility data. The Medicheck system retrieves that information and distributes it to the physician desktop, and TrustData will ensure that it remains confidential. Medicheck also added the Trusted Messaging feature to its portal so that physicians can send messages with medical records, lab results, x-rays and other types of information to each other in a secure, private environment.
J.S. Wurzler Underwriting Managers, (a subsidiary of Lloyd’s of London), after a due diligence review, believes the use of TrustData’s products could significantly reduce the risk associated with unauthorized use and access of sensitive business information. Consequently, Wurzler is offering insurance customers preferred coverage and rates through Lloyd’s of London when they use TrustData’s technology.
With the increasing use of the Internet connectivity to improve speed and efficiency in business processes, providers and payers must take steps to reduce the Internet’s inherent privacy risks. TrustData’s cutting-edge technology promises private, protected communications and enables HIPAA compliance for healthcare customers.