HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities and their business associates must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). We know the HIPAA industry is vast and that it is important to properly secure data to ensure HIPAA compliance.
This is especially true with the recent move toward remote working and the increase in cyberattacks against healthcare. Today, we will determine if Trend Micro is HIPAA compliant or not.
Trend Micro is an American-Japanese cybersecurity software company founded in 1988. The company’s headquarters are in both Tokyo, Japan, and Irving, Texas, United States. First developed as antivirus software, Trend Micro has expanded into hybrid cloud security, network defense, small business security, and endpoint security. The cybersecurity platform offers both free and paid security solutions depending on what a user is looking for. Currently, Trend Micro’s solutions protect 500,000+ organizations and 250+ million individuals across clouds, networks, and devices.
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI. In this instance, Trend Micro is a business associate for a healthcare organization if it scans or protects any documents or devices that contain electronic PHI (ePHI).
Generally, the HIPAA Privacy Rule allows healthcare providers to disclose PHI if they receive assurance that the information is protected through a signed BAA. While Trend Micro assesses HIPAA compliance on its website and states that a BAA is needed, there is no indication that the company offers its own.
Trend Micro provides an in-depth PDF, “Addressing Compliance in Healthcare,” that specifies which standards its security solutions comply with. This includes HIPAA, the National Institute of Standards & Technology, and the European Union’s General Data Protection Regulation.
Trend Micro Cloud One also helps organizations understand and check compliance with standards and frameworks, including HIPAA. Moreover, the company is part of the HITRUST CyberAid program, designed to help smaller healthcare organizations address cyber risks. Accordingly, Trend Micro asserts that its solutions detect breaches caused by targeted attacks, unsecured medical devices, and security gaps. Its solutions protect different endpoints and cloud systems as well as mobile and IoT (Internet of Things) devices. Finally, the company provides an integrated data loss prevention plug-in to prevent data loss due to an attack.
The BAA is a key component of HIPAA compliance and we could not find any public information asserting that Trend Micro will sign a BAA. However, the company does address HIPAA in multiple places and seems to market itself to healthcare providers. Healthcare organizations can contact Trend Micro to confirm if it will sign a BAA or not.
Conclusion: We cannot determine if Trend Micro can be HIPAA compliant or not.
The best approach to securing the most used threat vector (or entry point)—email—is strong email security (i.e., HIPAA compliant email). Paubox Email Suite Plus, our HITRUST CSF certified solution, provides needed cybersecurity, stopping cyberattacks before they cause complications. And every one of our accounts includes a Paubox BAA.
Paubox Email Suite Plus works on all devices, and email can be sent directly from existing email platforms such as Google Workspace or Microsoft 365. Furthermore, Paubox’s email security solution utilizes strong zero-step email encryption as well as two-factor authentication. Your communication remains safe and secure at all times. Our solution also offers a new, patent-pending security feature, Zero Trust Email, which leverages email AI to add another layer of verification before any email is delivered. Even if a healthcare provider decides to use antivirus software, it is essential to layer it with other methods of cybersecurity. When looking to protect PHI, it's best to start with solid email security.