 OpenVMS
compliance with HIPAA security requirements |
HP is pleased to report that OpenVMS, along with selected layered
products meet all proposed technical security requirements of HIPAA. A
comprehensive investigation was recently completed, to address all the
security standards established for HIPAA compliant systems. The detailed
investigation report is available.
|
What is HIPAA? |
The Health Insurance Portability and Accountability
Act of 1996 (HIPAA) is US federal legislation aimed at health plan issuers,
group health plans, and, in some instances, employers. HIPAA requires
the US Department of Health and Human Services to adopt uniform security
standards for sensitive health care information. The standards, which
are currently in Notice of Proposed Rule Making status, cover five specific
areas:
- Administrative procedures to protect data integrity,
confidentiality and availability
- Physical safeguards to protect data integrity, confidentiality
and availability
- Technical security services to protect data integrity,
confidentiality and availability
- Technical security mechanisms to protect against unauthorized
access to data that is transmitted over a communications network
- Electronic signature
These standards will apply to all network-based health
care information systems.
|
OpenVMS compliance investigation |
HP’s OpenVMS Systems Group recently completed a comprehensive
investigation to determine the compliance of OpenVMS and selected layered
software products with the proposed HIPAA standards. A whitepaper is available,
which details the OpenVMS compliance investigation. This whitepaper addresses
all the security standards established for HIPAA compliant systems.
» OpenVMS HIPPA White Paper (DOC)
It is important to note that because the HIPAA implementation
plan is behind the original proposed schedule, the security standards
used for this whitepaper have not been formally approved and are still
subject to change. However, the standards used in this paper were published
in December 1999 and have not changed since. The OpenVMS system configurations
for this whitepaper include standalone and cluster versions of OpenVMS
V7.2 with a common security domain for all systems.
|
OpenVMS meets all technical security requirements |
HP is pleased to report that OpenVMS, along with
selected layered products meet all technical security requirements of
HIPAA. HP already tests and/or uses these products as part of the OpenVMS
release qualification process. This demonstrates that OpenVMS V7.2 already
meets or exceeds the existing HIPAA Security Standards, and HP intends
to comply with HIPPA in future versions of OpenVMS.
HP’s many customers in the healthcare industry who rely
on our AlphaServer and VAX systems running OpenVMS, can be assured that
as HIPAA security standards are implemented, OpenVMS will be fully compliant.
HP products and services can be depended on to ease the HIPAA implementation
for all healthcare customers.
|
