• About InfoGard

  The Company

  • Overview
  • What We Do
  • Credentials
  • Independent Third Party
  • Careers
  • Contact Us

  Clients

  • Our Customers
  • Customer Testimonials

  Management Team

  • Company Management
  • Company Advisors
• Sectors We Serve

  Healthcare IT

  • EHR Testing & Certification
  • ONC-ATCB Certification
  • Hospital EHR Certification
  • Hospital Meaningful Use Incentive Payment Security Risk Analysis
  • Electronic Prescriptions for Controlled Substances (EPCS)
  • HIPAA Security & Privacy Assessments
  • SecureEHR
  • Breach Safe Harbor Certification
  • CalHIPSO
  • Penetration Test Services for Healthcare
  • Healthcare Vulnerability Scan Service
  • Medical Device Validation
  • Services for Security Technology Vendors
  • Healthcare Security and Privacy Offerings

  Federally Mandated Security

  • FIPS 140-2
  • Common Criteria Validation
  • Postal Systems
  • FIPS 201 (NPIVP) Card Command Validation

  Financial Services

  • Hardware Security Module
  • PCI Pin Entry Device Security
  • PCI Approved Scanning Vendor Validation
  • MasterCard PTS
  • Australian Payments Clearing Association
• Problems We Solve

  Problems We Solve

  • Healthcare
  • Smart Card/ID
  • Financial Industry
  • Federal Government

  Security Technology

  • Cryptographic Knowledge
  • Comprehensive Network Assessments
  • System Security Assessments
  • Compliance Assessments
  • FIPS 140-2
• Blog, News, & Events
  • Blog
  • Conferences
  • News
• Resources

  Resources by Sectors

  • Federally Mandated Security
  • Financial Services
  • Healthcare IT

  General Resources

  • Network Security Assessment
  • GSA Schedule
  • FAQ About EHR & HHS Safe Harbor Certification
  • Meaningful Use & Certification
  • About Breach Safe Harbor
  • Useful Links

Breach Safe Harbor Certification

Home > Healthcare Information Technology > Breach Safe Harbor Certification

InfoGard is now providing Breach Safe Harbor Certification of Health InformationTechnology (HIT) products and Security solutions that comply with Breach Safe Harbor requirements. This certification offers Healthcare providers confidence that the HIT products they select meet the Breach Notification Rule requirements for a Safe Harbor as designated by the Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.

Under the Breach Notification Rule, a Safe Harbor is established that relieves Healthcare providers from reporting requirements and being fined penalties when Protected Health Information (PHI) is “breached,” e.g., lost or stolen. This Breach Safe Harbor is afforded when PHI is protected by HIT products in compliance with specified National Institute of Standards and Technology (NIST) Standards and Guidances.

Breach Safe Harbor requirements were established under the HIPPA/HITECH Breach Notification Rule by the HHS Interim Final Rule (45 CFR Parts 160 and 164), which relies on Federal Information Processing Standard 140-2 (FIPS 140-2) to provide the cryptographic security requirements as the basis of the Breach Safe Harbor.  See the following for details:

• http://edocket.access.gpo.gov/2009/pdf/E9-20169.pdf
• http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguida

InfoGard's Approach to Breach Safe Harbor Certification

InfoGard's Breach Safe Harbor Certification is designed to facilitate a Security solution’s Federal Information Processing Standard (FIPS) 140-2 Compliance Validation. Safe Harbor Certification may be obtained with modest additional effort for products that have current FIPS 140-2 validations or are undergoing validation concurrent with our Safe Harbor Certification.

If your product has not yet undergone FIPS 140-2 validation, InfoGard can help. With nearly 20 years of experience performing FIPS 140 validations, we have developed a wide range of services to assist Security solution providers prepare for and undergo successful validation.

Your Breach Safe Harbor Certification will be publicly posted together with information that describes your product and indicates how it can be used to achieve Safe Harbor protection.

If you are interested in applying for Safe Harbor Certification of your HIT solution, or if you want to learn more about this program, please call us at 805.783.0810 or use our Contact Form.