The California Department of Technology Services selected Apani Networks EpiForce software to secure the agency's data-in-motion and address HIPAA security requirements for compliance and ensure confidentiality of patient medical records, the company announced last week.

The California State Department of Technology Services (DTS) is responsible for providing IT and project management services for state departments, county and city governments, and local services throughout California. DTS will use EpiForce, a centralized security management software system, to ensure network communications are secure between multiple networking technologies and operating system platforms for its proprietary patient records management application.

"We initially evaluated an IPSec solution for our security and compliance requirements, but it lacked the scalability we needed, and simply couldn't handle the multiple operating system platforms we use," said Tim Funk, senior director of IT security, Department of Technology Services. "EpiForce was selected for its flexibility, scalability and ability to deploy secure communications within our heterogeneous network environment. We are rolling out EpiForce to other departments when sensitive internal data communications must be secured within the network perimeter."

The solution "supports each of DTS's governmental constituencies from Children's Welfare Department to the University of California, and will scale to secure the records of tens of thousands of unique users," said David M. Lynch, vice president of marketing for Apani Networks.

Operating at the network layer, EpiForce is transparent to users and applications. It secures data flows and logically segments the network into security zones, allowing IT managers to apply defense-in-depth strategies to secure the network. By controlling access to critical devices and encrypting internal data flows, EpiForce protects against an insider attack and mitigate the impact of a perimeter security breach.

As part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), organizations must protect communications containing sensitive healthcare information when transmitted electronically across open networks. HIPAA compliance requires that this information be kept confidential and protected from intruders who may try to access systems through external communication points.