HP helps organizations meet government compliance requirements

HP has announced HP Data Privacy Services, a comprehensive suite of IT services that protect and manage sensitive data while helping to reduce risk, improve life cycle data management, and manage compliance with new and existing federal regulatory requirements.

Healthcare and consumer financial information organizations are concerned with security threats that increase the risk of unauthorized access to personal data, or jeopardize the integrity of this information. Organizations must also meet strict compliance requirements for global data security laws and regulations with heightened enforcement and increased penalties. These laws and regulations include the United States’ Health Insurance Portability and Accountability Act (HIPAA), the European Union’s Data Protection Directive and India’s Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011.

To help U.S.-based healthcare organizations align IT practices with the HIPAA Omnibus Rule, HP is offering new HP Data Privacy Services. A top-ranked vendor for data privacy by Ponemon Institute, (1) HP is in a unique position to offer services that help customers manage and protect sensitive data, including the secure retention and sanitization of hardware components, active or retired, that may contain personal health information.
“Continued automation in the healthcare environment and broader access to patient information are expanding the risk of costly data breaches,” said Lou Berger, vice president, Services Enablement and Readiness, Storage, HP. “HP Data Privacy Services ensure that organizations have the necessary infrastructure support to help them protect and optimize sensitive data, while accelerating business innovation and complying with data security regulations.”

Best practices for regulatory compliance
An HP Technology Services support professional is assigned to a customer account as a single point of contact for advice on data privacy. HP shares best practices to help customers improve compliance to legal and regulatory mandates, respond to security incidents and maintain accurate records.

Verified data removal
Erasing or deleting data from retired IT systems, upgraded hardware and servers, or return-leased equipment is insufficient for permanently removing all confidential information. The HP Data Sanitization Service provides the on-site resources and tools to ensure data cannot be reconstructed or retrieved from these devices. HP specialists provide customers confirmation of data removal, verifying that all sanitization procedures have been performed in accordance with predefined criteria.

Secure options for keeping data safe
Business-critical data is often retained in multiple places, including switch components, memory-retentive system boards and system memory. To control sensitive data, HP offers two services that reduce security risks and ensure privacy compliance:
HP Defective Media Retention (DMR) enables customers to maintain and control disk media and data in the event of a disk malfunction. An HP support agent will diagnose the problem and dispatch personnel to the customer site with a replacement disk or part.
HP Comprehensive Defective Material Retention (CDMR) enables customers to retain data from components that fail, regardless of where it resides when the failure occurs.
Air-tight asset recovery
HP Asset Recovery Services offer customized enterprisewide plans for tracking assets—from packing and shipping to processing, resale and recycling—helping customers easily manage potential risks, as well as optimize opportunities associated with surplus IT equipment.