You Must Meet All 5 of These Federal Technical Safeguards


Missing Even One When Handling ePHI is a HIPAA Violation:
1. Transmission Security - Regulation §164.312(e)(1)

WHAT IT MEANS - Converts information into a code, also called encryption. You want the highest number when it comes to encryption (e.g. 256, 1024, 2048-bit), because the higher the level, the stronger the security

HOW WE DO IT - Your information is secured using 2048-bit encryption. This is a significantly greater security level than required for compliance with federal laws

2. Authentication - Regulation §164.312(d)

WHAT IT MEANS - You must verify people are who they say they are in any electronic communication

HOW WE DO IT - iCoreExchange uses the federally-recognized DIRECT Protocol to verify recipient identity. Every subscriber is verified through multiple forms of identification

3. Access Control - Regulation §164.312(a)(1)

WHAT IT MEANS - Ensures no unauthorized access to devices by a person other than the known, authorized user

HOW WE DO IT - iCoreExchange will automatically log users off after a certain period of time

4. Audit Control - Regulation §164.312(b)

WHAT IT MEANS - You must be able to produce a detailed audit trail of all user access and activity

HOW WE DO IT - iCoreExchange automatically logs and audits all required actions and will produce an audit report within minutes of a user session for HIPAA auditors

5. Data Integrity - Regulation §164.312(c)(1)

WHAT IT MEANS - Data must remain unaltered in its original format and encrypted at all times

HOW WE DO IT - iCoreExchange HIPAA-compliant servers eliminate the possibility of manipulating data

HIPAA Administrative Requirement §164.316(b)(1):

WHAT IT MEANS - Emails must be stored for at least 6 years from the date of creation or last use

HOW WE DO IT - iCoreExchange HIPAA-compliant servers store everything, unaltered and encrypted, for 6 years, fully meeting the federal requirement. This administrative safeguard is inseparable from the five technical safeguards above. Failure to meet any one is a failure to be HIPAA compliant.