Ingrian Networks Offers HIPAA-Ready Solutions for Supporting Hipaa Privacy and Security Guidelines

Business Wire, Feb 10, 2003

Business Editors/High-Tech Writers

HIMSS 2003 Annual Conference

Healthcare organizations must be complaint with HIPAA privacy

regulations by April 14, 2003.

Ingrian exhibiting in booth #4911 at the 2003 Annual HIMSS conference

in San Diego, California, on February 9-13, 2003.

REDWOOD CITY, Calif.--(BUSINESS WIRE)--Feb. 10, 2003

Ingrian(TM) Networks, the leading provider of application security for Internet-powered businesses, today announced solution strategies to help healthcare organizations address HIPAA (Health Insurance Portability & Accountability Act) requirements for privacy of Web transactions containing Protected Health Information (PHI).

The HIPAA legislation was created by the U.S. Government, in part, to guarantee privacy and security of Protected Health Information (PHI). Healthcare organizations must be compliant with HIPAA privacy regulations by April 14, 2003. While underlying technical guidelines of HIPAA are still being finalized, one point had been made clear: Healthcare organizations must ensure the privacy of PHI in transit over the Internet and in storage on servers within their private networks. Healthcare organizations that do not comply with HIPAA guidelines may be liable if PHI is compromised or stolen.

"By helping to meet the stringent requirements of HIPAA, Ingrian has not only further solidified its place in the market, but proven that its products deliver the highest level of Web application security", says Aaron Vance, Industry Analyst with Synergy Research Group. "What's more, Ingrian has further differentiated itself from its competition by providing complete end-to-end transaction privacy both outside the firewall and within."

Ingrian Networks is assisting healthcare organizations by offering comprehensive HIPAA-ready application security solutions that safeguard Web transactions across the Internet and inside the firewall, in transit and in storage. Ingrian solutions deliver this value through a secure transaction platform that performs several integrated security functions:

-- Authenticates individual Web users that want to access PHI data

-- Establishes secure, encrypted connections between Web servers and remote users

-- Secures PHI data in storage on the servers and databases in a healthcare network

-- Protects the cryptographic keys on a separate, secure platform

-- Provides audit trails of all Web transactions

"The deadline for complying with HIPAA privacy guidelines is just a few months away. Most healthcare organizations are pretty far along in their privacy assurance plans, but often unclear about how the implement the underlying security technology that helps assure privacy," said Franklyn Jones, Senior Director of Corporate and Product Marketing. "Ingrian's HIPAA-ready security solutions are designed to provide the assurance of transaction privacy for these healthcare organizations."

Ingrian's product offerings for HIPAA-ready transaction privacy support three key areas by:

-- Protecting PHI Data in Motion -- One of the most effective

ways to protect PHI data in this regard is to use the Secure

Sockets Layer (SSL) protocol. With an SSL connection in place,

healthcare entities can safely transmit PHI data, credit card

information, and any other sensitive, confidential

information. Ingrian provides rack-mounted hardware platforms

that sit in front of Web servers and offload all SSL

processing responsibilities from an organization's servers. In

addition, Ingrian also secures Web-based e-mail access,

supporting popular e-mail options like Microsoft OWA and Lotus

iNotes. This level of support is important because

HIPAA-compliant XML EDI documents can also be sent via e-mail.

-- Protecting PHI Data at Rest -- The data most vulnerable to

attack is data at rest, stored in back-end servers and

databases. While it is tempting for a hacker to hijack a

patient's identity or financial information during an insecure

transaction, it is far more tempting to attack a database

where hundreds or thousands of patient records are stored.

Since data is "at rest" more than 90% of its life, this is a

key aspect of HIPAA and PHI security. Ingrian's

Network-Attached Encryption(TM) (NAE) solution leverages

Ingrian's secure transaction platforms and patent-pending

cryptography software to offload cryptographic functions from

multiple application servers onto a very secure Ingrian

platform.

-- Controlling Access to PHI Data -- Protecting data in motion

and at rest will go a long way toward HIPAA security

compliance, but it is just as important to apply stringent

controls in terms of individual user access to applications

and data. User names and passwords have long been the norm for

providing security at the access level. But that type of basic

security information can be easily hijacked by savvy

attackers. Instead, what is more effective -- and what is

necessary for HIPAA readiness -- is the ability to enforce

specific policies in regard to individual user authentication

and authorization. Ingrian Networks, through its partnership