PROTECTING PERSONAL INFORMATION IN HEALTHCARE

Almost nowhere else is the need to protect information more legally mandated than in the healthcare field. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) states that all personal information from patients needs to be protected by firms that provide care. And it casts a wide net over what constitutes working in healthcare. Any provider of medical or other health services that bills or is paid for healthcare in the normal course of business falls under HIPAA.

HIPAA was enacted with the hope that paper records would be transitioned over into an electronic format, which was considered more secure at the time. The portability part of the law spells that out by requiring data to move with the patients to other facilities, doctors and even insurance plans. Organizations are required to keep all personally identifiable information private and secure regardless of its portability.

The Health Information Technology for Economic and Clinical Health (HITECH) Act gave HIPAA some more teeth in 2009, notably increasing fines on organizations that allow personal patient information to slip into the wrong hands. Under HITECH, fines can be as high as $1.5 million for each and every violation. Even a tiny breach of security, something as simple as not encrypting a single patient's information, can lead to millions of dollars in fines. A full-scale breach with the theft of hundreds or thousands of patient records would be catastrophic for any organization.

But neither an accidental slipup nor a major, coordinated intrusion will happen with a FlashArray from Pure Storage acting as a digital sentry. Everything that goes onto the array is protected automatically using the Advanced Encryption Standard algorithm and 256-bit keys. Nothing can be stored there, not a patient record or a name, not a phone or social security number, or anything else protected under HIPAA, without it being locked down with AES-256 encryption. There won't be any oversights that lead to data being left unprotected. The FlashArray simply won't allow that to happen.

Encrypting every bit of data that goes onto any drive in the FlashArray might seem like a protection method that could slow down operations. And with a less-advanced storage array, it would. But the process of protecting one hundred percent of all data comes with no tradeoffs in performance using the Pure Storage solution. The FlashArray uses a combination of both software-based encryption and an application-specific integrated circuit (ASIC) to provide the muscle for the encrypting and decrypting process. When used in conjunction with the naturally speedy read and write times offered by the flash drives, the FlashArray is able to perform much more efficiently, with quicker input/output (IO) operations, than even less-advanced storage solutions operating unencrypted. The FlashArray offers compliance with HIPAA regulations and protects organizations from heavy fines associated with HITECH violations with no tradeoffs in performance.

But just encrypting information, even a hundred percent of it, won't give organizations total compliance with HIPAA regulations. The data itself has to be managed intelligently so that users are only allowed to see the information they are authorized to access. Technically, even if a system is completely protected, having an unauthorized person within an organization able to access restricted information could be considered a violation of the HITECH guidelines.

© Pure Storage 2014