Data Protection for Compliance with HIPAA

Our solutions help ensure compliance with HIPAA using proven data protection technologies

How Does StrongKey Help With HIPAA?


This difficult-to-pronounce word is a synonym of a widely used technology in the payment processing industry: tokenization—a method of replacing real data with an encrypted “token” or representation of that data so it is unidentifiable.

StrongKey has been securing cardholder data and payment information for over a decade using tokenization and encryption services backed by one of the most secure technologies: public key cryptography.

StrongKey’s tokenization offering is one of the strongest means to meet HIPAA encryption requirements.

Data Protection by Design

One of the most compelling tenets and memorable lines of GDPR is in Article 25: “Data protection by design and by default.” This expressly mandates that technical and organizational measures be taken to ensure that:

(1) data protection principles are designed into the system;
(2) only necessary data is processed for each purpose; and
(3) an approved certification method is used to demonstrate compliance.

Through our product architecture and accessible documentation, StrongKey can help an organization comply with this mandate both by design and by default.

Unambiguous Consent

HIPAA requires explicit consent from a user to allow their data to be processed and shared. However, to be sure the consent is legitimate, the user identity of all involved parties must be verifiable.

Using FIDO2 strong authentication, a user is verified through public-key cryptography without the use of a password, ensuring that the user is, in fact, who they say they are—making the consent legitimate and unambiguous.

StrongKey’s open source FIDO2 Server and our authentication expertise can help you create not just a compliant environment, but also a more convenient, password-free one.

Data Integrity Verification

HIPAA mandates protection against the alteration of data (maintaining data integrity). Data integrity means the data remains accurate over its entire life. This protects against both accidental changes, such as human error, and intentional attacks designed to alter the data.

One of the best ways to protect against alteration of data is to ensure its validity through digital signatures.

StrongKey easily integrates digital signature capability into our customers’ transactions, applications, and documents. Working in concert with our encryption and tokenization, this is an extremely strong way to meet HIPAA mandates for data integrity.