Secure, Compliant and Automatic Online Backup by One Click Technology Group


EnVault Security and Encryption

Why is it important to secure and encrypt my organization's data? Your organization needs to protect EPHI from unauthorized access and corruption.

David Kibbe of the American Academy of Family Physicians explains,

"The basic idea behind cryptography, of which electronic data encryption is a branch, is that a group needs to keep a message secret from everyone else and therefore encrypts it. Encryption is the transformation of a message from plain text into nonsensical cipher text before the message is sent. Anyone who steals the cipher text message will not be able to understand it. Only those who have the code used to encrypt the message can convert it back from cipher to plain text and reveal its meaning."

The following types of electronic data contain information that should be encrypted when backed up:

  • Patient billing and administrative information exchanged with payers and health plans;
  • Utilization and case management data, including authorizations and referrals that are exchanged with payers, hospitals and utilization management organizations;
  • Patient health information gathered from or displayed on a Web site or portal;
  • Lab and other clinical data electronically sent to and received from outside labs;
  • Word-processing files used in transcription and other kinds of patient reports that are transferred electronically;
  • E-mails between physicians and patients, and between attending and referring physicians and their offices.

The solution offers a secure and trusted method to protect this private data. During a backup, all data – including patient and billing records – will be encrypted before leaving the user's computer(s) and is never accessible without the user's encryption key. This encryption key is stored only on the user's system and never transmitted over the Internet. The backup is not stored on theEnVault servers, thus EnVault cannot access files or even read the file names. Only the user maintains control of their data, eliminating the threat of unauthorized access.

HIPAA Compliance

EnVault can help organizations meet HIPAA compliance requirements, specifically those of the Security Rule.

EnVault is an online backup, archiving and recovery solution that automates the process of securely backing up electronic data and file recovery. EnVault was created, with healthcare providers in mind, to satisfy the broad need for a safe, reliable, and cost-effective method of backing up data offsite and allowing full file restoration at any time from any authorized location. The solution was designed to encompass the advanced functionality and features of backup systems used by Fortune 500 companies, yet be effortless for anyone to use regardless of their computer expertise.

The solution ensures that all electronic protected health information (EPHI) is fully protected when it is backed up and stored. The software encrypts all data and stores the information in military-grade secure facilities. The HIPAA security standards require your practice to appoint someone as the security manager, thus only this designated individual in charge of the security management process will have access to this data, hence preventing unauthorized access or corruption. Furthermore, in the event of a natural disaster or system failure, the data will be recoverable, thus, assuring that patient medical records will not be lost.

EnVault Logging and Archiving

The software records each file that is backed up or restored as well as additional information and statistics regarding the backups. This audit log, which can easily be searched, allows the user to verify that files were successfully backed up and help troubleshoot any issues. The user also has the option to receive an automated email notification at the conclusion of each successful backup. Information about recent backups and total storage usage can also be viewed via the Internet, by logging on to the user's account.

The HIPAA Security Rule

The Security Rule applies to protected patient health information in electronic formats. This is protected patient information either transmitted by electronic media or maintained on electronic media. Covered entities that maintain or transmit protected health information are required by the Security Rule (see 45 C.F.R. §164.306) to:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.
  • Ensure compliance with this subpart by its workforce.