Archive for March 2013
HIPAA omnibus rule redefines role of business associates

Axway’s Ruby Raley recently posted on Please take a look and share your thoughts!

Covered entities (e.g., doctors and hospitals) provide health services, while business associates help them provide health services. Until January, only covered entities were responsible for reporting data breaches to the Department of Health and Human Services (HHS). While HIPAA required the covered entities to contractually obligate their business associates to safeguard any protected health information (PHI) they handled, business associates were under no obligation to report data breaches to anyone other than the covered entities they served. But that’s all changed since the finalization of the HIPAA Omnibus rule.

Edges, Plural

By John Thielens, CSO, Axway

You already know you’ve got to filter the content of your collaborative documents before they cross the edge of the enterprise.

But, wait. What is the edge of the enterprise? Isn’t that term a gross oversimplification of a complicated concept — an oversimplification that sometimes unnecessarily burdens the enterprise?

I believe it is.

To make sure the benefits of your content filtering efforts outweigh the burden, let’s visualize your business as a collection of data-storage jurisdictions, or “zones.”

Next, let’s imagine you have data-management requirements over those zones. Let’s recognize that collaborative documents that cross any edges — whether the external edge of the enterprise or the internal zone edges within the enterprise — will be covered by regulations of varying importance.

That last part is at the heart of this post. It characterizes why avoiding oversimplification of this complicated concept is so important.

By recognizing the enterprise’s internal edges as well as its external edges, you can identify the parts of the business that are most eligible for innovative cloud technologies. These are the zones that have less rigorous regulations; already have the agility to send data to, and receive data from, private and public clouds; and don’t need to wait for infrastructures, service providers, and operational-transparency APIs to someday mature in order to operate safely.

By knowing which edges of the enterprise are which, you can identify those that are fit for having content-filtered, collaborative documents sent across them. You can be free to collaborate no matter how strict the regulations, and you can do it without worry.

So continue to filter the content of your collaborative documents, but remember: not all edges are created equal. You very well may be putting too much effort into securing an edge that no regulations — or even best practices — are asking you to secure. You may be misallocating resources that could be more effectively applied elsewhere.

You may, in fact, be hobbling your enterprise’s capacity to collaborate — and for no good reason at all.