Data Security Compliance and Regulatory Solutions for Retail Pharmacies

Thales e-Security helps retail pharmacy customers comply with regulatory requirements for data protection through data-at-rest encryption

Pharmacies

Retail pharmacies are in the uncomfortable position of needing to comply not only with PCI DSS standards but also the need to comply with other regulations like HIPAA/HITECH as well as protect their organizations from violation of State, Federal and Local data breach statutes. Thales e-Security’s data protection solutions help retail pharmacies secure their data and comply with regulatory requirements through data-at-rest encryption and secure access controls to the encrypted information

PCI DSS Compliance

The Payment Card Industry Data Security Standards (PCI DSS) mandates that all organizations that accept, acquire, transmit, process, or store cardholder data must take appropriate steps to continuously safeguard all sensitive customer information.

HIPAA/HITECH Compliance

The HIPAA Security Rule requires covered organizations to implement technical safeguards to protect all Electronic Personal Healthcare Information (ePHI), making specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring of ePHI information.

The HITECH act then expands the compliance requirement set, requiring the disclosure of data breaches of “unprotected” (unencrypted) personal health records (PHR), including those by business associates, vendors and related entities. Finally, the “HIPAA Omnibus Rule” of 2013 formally holds business associates liable for compliance with the HIPAA Security Rule.

International, Federal and State Regulatory Compliance

Data breach notification requirements on loss of personal information have increasingly been enacted by nations around the globe as well as by US State governments. Data breach disclosure laws and notification requirements vary by jurisdiction, but almost universally include a “safe harbor” clause if the data lost was in encrypted form.

The DEA’s requirements for EPCS include that the cryptographic module used to digitally sign data elements be at least FIPS 140-2 Level 1 validated and that the pharmacy application’s private key must be stored encrypted.

The Vormetric Data Security Platform

The Vormetric Data Security Platform is the only solution with a single extensible framework for protecting data-at-rest under the diverse requirements of retail pharmacies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is a low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Transparent Encryption

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes. Data access monitoring information provides another level of protection from malicious insiders, privileged users, and attacks that compromise accounts - delivering the access pattern information that can identify an incident in progress.

Vormetric Application Encryption

Vormetric Application Encryption enables organizations to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management

Vormetric Key Management enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, managers can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Quick and Easy to Install No Matter what your OS

Thales e-Security can work with you to install Vormetric Data Security solutions in weeks rather than months. Vormetric’s solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE).

Easy to Use

Vormetric Data Security makes it simple to address security and compliance concerns by simultaneously defending data in databases, files and Big Data nodes across public, private, hybrid clouds and traditional infrastructures. Central management of the entire data security platform makes it easy to extend data security protection and satisfy compliance requirements across the entire enterprise, growing as required, without adding new hardware or increasing operational burdens. Vormetric today is helping a major retail bank protect 10,000 servers and a major retailer protect over 15,000 servers.

Doesn't Slow System Performance

Customers typically report no perceptible impact to end-user experience when using Vormetric solutions. Vormetric performs encryption and decryption operations at the optimal location of the files system or volume manager taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.

Case Studies : Large Enterprise Retail Company

Is concerned about protecting the following types of information:

  • Healthcare information
  • Employee personally identifiable information (PII)
  • Customer personally identifiable information (PII)

Download

Research and Whitepapers : A Coalfire White Paper: Using Encryption and Access Control for PCI DSS 3.0 Compliance in AWS

Compliance and security continue to be top concerns for organizations that plan to move their environment to cloud computing. Besides that, achieving PCI compliance is not a simple task.

Download

인터랙티브 동영상 시청하기 자세히 보기
라이브 데모 예약하기 예약하기
전문가와 상담하기 연락하기