Hitech Act Data Sheet

The Federal Government has taken major steps to facilitate the process of moving our
healthcare information from paper and pencil to an electronic based medium. The benefits of
having medical records in an ePHI format are many, although the risks to our privacy are
equally important to consider as we move in this direction.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is part of
the American Recovery and Reinvestment Act (ARRA) signed into law in 2009. The Act contains
specific incentives designed to accelerate the adoption of health information technology (HIT)
by the health care industry, health care providers, consumers, and patients. Among other
things, these incentives are designed to encourage implementation of electronic health records
in a continuing effort to streamline healthcare information systems.
The Act is clear in - 45 CFR parts 160 and 164: Guidance specifying the technologies and
methodologies that render protected health information unusable, unreadable, or
indecipherable. The two accepted methods of protecting the data are encryption or
destruction. To meet these requirements, a healthcare provider must know the locations of all
EHR information - much of this information is stored in mainframe databases.
How will DataSniff benefit your HITECH Act compliance?

DataSniff is the only automated solution that will scan structured and unstructured data
looking for ePHI information in datasets and mainframe databases.
o The prospect of manual discovery in an environment that could have millions of
datasets is unrealistic.

DataSniff will locate datasets with ePHI that are unknown to the installation (rogue
datasets) and allow you to protect or delete the data.
o 40 years of copying data from production to test and development environments
as a result of supporting application development makes the existence of rogue
data almost an absolute.

DataSniff will map your sensitive data as a prerequisite to compliance, database audit,
data classification or information security. IBM says: You cant secure what you dont
know. You need good mapping of your assets both of your database instances and
your sensitive data inside your databases.
- IBM Software Information Management 8 Steps to Holistic Database Security Whitepaper 2010


_____________________________________________________________________________________

The software can be installed and deployed in less than one day, with scans enabled
immediately. Its features include:

The ability to analyze mainframe datasets in a variety of formats including: VSAM,
QSAM, BDAM, and BSAM, including PDSs, PDSEs and GDGs; as well as mainframe
hierarchical and relational databases such as IMS*, DB2*, Datacom and IDMS.
Patent-pending ability to recall migrated data sets to analyze them for unprotected
sensitive data then automatically re-migrate them back to secondary or tertiary storages
to preserve and properly manage primary disk storage.
Ability to scan structured and unstructured data to incorporate text fields, text
documents and notes fields, as well as structured data sets where the structure is
unknown or unavailable, include patent pending mechanism to find and decode packed
decimals into the holistic data discovery approach.
The Schedule by Media Type feature incorporates a granular calendar application to
manage and control usage of finite resources like primary disk space, tape readers and
even CPU cycles and control this by day of week or time of day so as not to interfere
with online responsiveness, batch processing windows, etc.
DataSniff significantly reduces rescans by building a SQL database containing the results
of its scans including Date Last Referenced allowing auditors to skip additional scans in
the future.
All current IBM supported versions of z/OS are supported by the DataSniff product.