• About InfoGard

  The Company

  • Overview
  • What We Do
  • Credentials
  • Independent Third Party
  • Careers
  • Contact Us

  Clients

  • Our Customers
  • Customer Testimonials

  Management Team

  • Company Management
  • Company Advisors
• Sectors We Serve

  Healthcare IT

  • EHR Testing & Certification
  • ONC-ATCB Certification
  • Hospital EHR Certification
  • Hospital Meaningful Use Incentive Payment Security Risk Analysis
  • Electronic Prescriptions for Controlled Substances (EPCS)
  • HIPAA Security & Privacy Assessments
  • SecureEHR
  • Breach Safe Harbor Certification
  • CalHIPSO
  • Penetration Test Services for Healthcare
  • Healthcare Vulnerability Scan Service
  • Medical Device Validation
  • Services for Security Technology Vendors
  • Healthcare Security and Privacy Offerings

  Federally Mandated Security

  • FIPS 140-2
  • Common Criteria Validation
  • Postal Systems
  • FIPS 201 (NPIVP) Card Command Validation

  Financial Services

  • Hardware Security Module
  • PCI Pin Entry Device Security
  • PCI Approved Scanning Vendor Validation
  • MasterCard PTS
  • Australian Payments Clearing Association
• Problems We Solve

  Problems We Solve

  • Healthcare
  • Smart Card/ID
  • Financial Industry
  • Federal Government

  Security Technology

  • Cryptographic Knowledge
  • Comprehensive Network Assessments
  • System Security Assessments
  • Compliance Assessments
  • FIPS 140-2
• Blog, News, & Events
  • Blog
  • Conferences
  • News
• Resources

  Resources by Sectors

  • Federally Mandated Security
  • Financial Services
  • Healthcare IT

  General Resources

  • Network Security Assessment
  • GSA Schedule
  • FAQ About EHR & HHS Safe Harbor Certification
  • Meaningful Use & Certification
  • About Breach Safe Harbor
  • Useful Links

About Breach Safe Harbor

Home > Resources > Resources for Healthcare IT > About Breach Safe Harbor

The HITECH Act requires notification and allows for significant monetary and administrative penalties when a breach of the HIPAA Privacy Rule occurs.

Under the HIPAA Privacy Rule, a breach is defined as “the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information…”

HHS provides guidance for rendering electronically protected health information (ePHI) unusable, unreadable, or indecipherable to unauthorized individuals. Covered entities and business associates do not have to comply with the breach notification requirements if their data are protected in accordance with the guidelines because no unsecured PHI has been accessible to unauthorized individuals.

The HHS Guidelines for securing ePHI are in addition to the to the Privacy and Security requirements of the Stage 1 certification for Meaningful Use Criteria stated in 45 CFR 170.210 Standards for health information technology to protect electronic health information created, maintained, and exchanged. The Guidelines require the use of specific technologies and methodologies approved by the National Institute of Standards and Technology (NIST) to secure ePHI while at rest, in motion, or at destruction.

Compliance with the HHS/NIST data at rest guidelines eliminates the risk of unsecured data breaches associated with stolen or inadvertently disclosed media. Compliance with the HHS/NIST data in motion guidelines will protect data movement within and between provider organizations and is an enabler for interoperability between organizations and products.

InfoGard offers SecureEHR services to ensure organizations that handle electronically protected health information (ePHI) are knowledgeable as to where they stand in appropriately securing and safeguarding ePHI against breach, according to HIPAA Privacy Rule and the HITECH Act.