The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and is one of the first regulations to apply specifically to securing a type of information we now know as protected health information (PHI) in electronic or digital form, both when held in storage and during transfer between two entities. Given the state of technology at the time, the regulation was visionary.
A Lot Has Changed
When we think of the transfer of electronic data today, we think of things like email, file sharing, and (of course) managed file transfers. For what seems like forever, sending large amounts of data has been a simple matter of a few keystrokes or clicks. But back in 1996, email was not ubiquitous, and a lot of digital information was communicated by saving files on a floppy disk and physically walking it (“sneaker net”) to another computer, or even mailing the disk through the U.S. Postal Service.
Another fast and simple way of sharing information was the facsimile (fax) machine. It seems quaint now, but back then you’d write up a cover sheet telling whoever happened to pick up the copies of what you sent who the file should go to and how many sheets of paper were to follow. Then you’d dial the phone number of the recipient’s machine and hope the line wasn’t busy. You’d also have to hope that the in-box adjacent to the other fax machine wasn’t filled with takeout menus and other random transmission printouts. If the information was time-sensitive or important, you would follow up with a phone call alerting the receiving party that the transmission was successful and confirming they had the information.
As you can imagine, security was an afterthought. Still, things were changing. The Telecommunications Act of 1996 passed that same year, effectively ending the telephone monopoly enjoyed by AT&T and the regional carriers, and as it became cheaper to send information over traditional telecommunications infrastructure, innovation exploded. Copper wire was replaced by fiber-optic cable, switching gear got smaller and faster, and, well, today nearly everyone carries a wireless computer in their pocket with the ability to store and transmit more information than was possible with entire data centers thirty years ago.
Foresight over Short-Sighted
Which brings us back to HIPAA. I doubt that Donna Shalala, then secretary of the Department of Health and Human Services and primary author of the regulation, could have foreseen where innovation and advancement of digital communications would lead, but to her credit she didn’t shackle the law to the limits of short-sightedness. Because of that foresight, HIPAA (which has been amended to clarify and strengthen the law as necessary) today remains a landmark regulation that, when followed, helps keep some of an individual’s most sensitive and personal information private.
Today, Coviant Software plays a vital role in helping some of the world’s largest health services organizations maintain HIPAA compliance by providing them with the ability to effect secure, automated managed file transfers using our Diplomat MFT platform. Diplomat MFT is a secure, reliable, and easy-to-use product that automates essential parts of securely transferring sensitive files, including those containing PHI: OpenPGP and SFTP encryption for files in motion and at rest, capture of auditable data for confirmation of compliance, notifications when things go wrong, and scheduling.
If your organization is trying to establish or improve its HIPAA compliance program and needs a secure, reliable, and simple managed file transfer platform, give Diplomat MFT a try. You can download a free trial or schedule a free demonstration. Once you see for yourself how easy it is to use Diplomat MFT, we’re confident you’ll join the ranks of customers like Molina Healthcare and CHRISTUS Health who rely on Coviant Software as a trusted partner in HIPAA compliance.