Vormetric and Fortex Technologies Partner to Help Organizations Meet HITECH Act and PCI DSS Requirements

Vormetric, Inc., a provider of enterprise systems encryption and key management solutions, and Fortrex Technologies, Inc., a provider of services and systems for IT security, operational risk, and compliance, have formed a strategic partnership to address the needs of organizations facing regulatory compliance data protection requirements, including the HITECH Act and the Payment Card Industry (PCI) Data Security Standard (DSS).

With this partnership, Fortrex, a certified assessor for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) and PCI DSS Qualified Security Assessor (QSA) company, will offer Vormetric Data Security.  Meeting HITECH, HIPAA, and PCI DSS information security requirements is a complex process that requires very specialized domain expertise, according to the vendors.

"To have a partnership between an encryption vendor and a certified assessor means that the assessor has reviewed the technology and made sure that all of the features within the technology fit all the detailed requirements under the regulations - and there are quite a few," Gretchen Hellman, vice president of marketing and product management, Vormetric, tells 5 Minute Briefing. The PCI DSS has strict key management practices and also requirements beyond encryption to do separation of duties and role-based access control, which encryption can be effectively leveraged for, Hellman explains. "And, on the healthcare side of the equation, the HITECH Act sets forth stringent requirements in terms of what an encryption system has to look like to actually provide protection, including everything from strong key management practices, separation of duties, and also the ability to centrally and seamlessly manage keys."

The Health Information Technology for Economic and Clinical Health (HITECH) Act was introduced in 2009 to promote the adoption and meaningful use of health information technology. As part of this effort, the HITECH Act strengthens HIPAA security enforcement and requires nationwide data breach disclosure for unprotected health data. The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process - including prevention, detection and appropriate reaction to security incidents.

As a certified assessor for the HITRUST CSF and a PCI DSS QSA company, Fortrex provides security control evaluations for healthcare organizations, Service Providers, and Merchants. Fortrex also offers guidance on how to implement CSF guidelines and PCI DSS requirements, including encryption. Working with Vormetric, Fortex will provide customized solutions designed to secure data from unauthorized access, meet regulatory requirements, and prevent breaches that can result in fines and impact customer loyalty.  Encrypting personally identifiable data also provides safe harbor protection against having to notify customers if a security breach occurs.

Vormetric Data Security enables enterprises to implement strong encryption to protect structured and unstructured data where ever it resides. Vormetric is completely transparent to applications and databases, so no modifications to the IT infrastructure are required. Vormetric also provides centralized, secure key management and strong separation of duties which protects against unauthorized data access by administrators.

Vormetric supports all leading databases, including IBM DB2, Microsoft SQL Server, Oracle, Informix, MySQL and others as well as unstructured data stores on a variety of Linux, Unix and Windows Platforms.

For more information about Fortrex, visit
For more information about Vormetric, visit