Echoworx Healthcare Privacy Solution Whitepaper

The Echoworx
Healthcare Encryption
Solution helps you to
comply to HIPAA
regulations

Toronto
4101 Yonge Street
Suite 708,
Toronto, ON, Canada
M2P 1N6

Atlanta
1890 The Exchange
Atlanta, GA
30339

London
27 Old Gloucester Street
London, United Kingdom
WC1N 3AX

Proprietary and confidential; for use by intended recipient only.

Introduction

!"#$%&##&#'$%()"*$%+',&-)./(-0&'10+-%$2-31%#'-0&'0&4"$0&*' 56')-7' .1'801.&(.' 9$.-)' &:-$)'-%*'*-.-'

(1::"%$(-31%#;' ' ,&-)./(-0&' 8019$*&0#<')-76&0#<' =%-%($-)' -*9$#10#<' -((1"%.-%.#<'&*"(-.10#<'-%*'
1./&0' 801>&##$1%-)'-*9$#10#' /-9&'&./$(-)' -%*' =*"($-06'*"3&#' .1'?&&8' 8&0#1%-)' $%>10:-31%'-51".'
./&$0' ()$&%.#@'(1%=*&%3-)' $%>10:-31%;' ',&-)./(-0&' 8019$*&0#'%&&*' .1'5&' -5)&'.1' .0"#.'./&$0' &:-$)'
(1::"%$(-31%#'-%*'0&*"(&'./&'0$#?'1>'*-:-+&'.1'./&$0'50-%*'0&#")3%+'>01:'$%>10:-31%'15.-$%&*'
./01"+/'$%.&0(&8.&*'&:-$);''A1%#":&0#'-0&'(1%(&0%&*' -51".'8&0#1%-)'#&("0$.6<'80$9-(6<'>0-"*'-%*'
$*&%3.6'./&B;'

C19&0%:&%.#' /-9&' -)#1' &%-(.&*' )&+$#)-39&' :&-#"0&#' .1' 801.&(.' ./&' 80$9-(6' 1>' 8&0#1%-)'
$%>10:-31%' 7/$(/' &$./&0' &D80&##)6' 10' $:8)$&*)6' -88)6' .1' 8&0#1%-)' $%>10:-31%' (1::"%$(-.&*'
&)&(.01%$(-))6;''E&*&0-)' -%*' #.-.&'+19&0%:&%.#'/-9&'&%-(.&*')&+$#)-31%'./-.' 801.&(.'./&'80$9-(6'1>'
8&0#1%-)' $%>10:-31%' +&%&0-))6<' -#' 7&))' -#' $%*"#.06F#8&($=(' )&+$#)-31%' ./-.' 801.&(.#' (1%=*&%3-)'
$%>10:-31%'>01:'"%-"./10$2&*'*$#()1#"0&'-%*'"#&;'

G0$9-(6' )&+$#)-31%' $:81#&#' -' +&%&0-)' 15)$+-31%' 1%' 5"#$%&##&#' -%*' +19&0%:&%.' .1' 801.&(.' ./&'
80$9-(6' -%*' #&("0$.6' 1>' 8&0#1%-)' -%*' 80$9-.&' $%>10:-31%;' ' H1:&' 80$9-(6' )&+$#)-31%' &D80&##)6'
0&4"$0&#' ./-.' #8&($=(' :&-#"0&#' 5&' .-?&%' .1' 801.&(.' -+-$%#.' "%-"./10$2&*' *$#()1#"0&' 1>'
&)&(.01%$(-))6' #.10&*' 10' (1::"%$(-.&*' $%>10:-31%;' 'I/&' .&#.'$#' 7/&./&0' J0&-#1%-5)&' :&-#"0&#K'
/-9&'5&&%' (1%#$*&0&*'-%*' $:8)&:&%.&*'.1'801.&(.'./&' 80$9-(6'1>'8&0#1%-)' $%>10:-31%;'' I/&0&'$#'
%1' )1%+&0' -' 0&-#1%-5)&' &D8&(.-31%' ./-.' &:-$)' (-%%1.' 5&' $%.&0(&8.&*' -%*' 0&-*' 7$./1".'
-"./10$2-31%;''

,LGMM' :-%*-.&#' ./&' 80$9-(6' -%*' #&("0$.6' 1>' 801.&(.&*' /&-)./' $%>10:-31%' NG,LO;' I/&' ,LGMM'
#&("0$.6' 0")&' 7-#' 8"5)$#/&*' $%' P-6' QRRS' -%*' #"5T&(.' .1' &%>10(&:&%.' >10' -))' (19&0&*' &%33&#'
#.-03%+' $%' M80$)' QRRU;'C$9&%' ./&' 801*"(39$.6'+-$%#' >10' /&-)./(-0&'801>&##$1%-)#' .1' (1::"%$(-.&'
7$./'8-3&%.#'-%*' 1./&0' *1(.10#'-%*'/&-)./'801>&##$1%-)#'9$-'&:-$)<'/&-)./(-0&'10+-%$2-31%#'%&&*'
.1')&9&0-+&'0&-)F3:&'&)&(.01%$('(1::"%$(-31%#<'5".'*1'#1'#&("0&)6;
'' New HIPAA
HIPAA at a glance Requirements

On February 17, 2009,

I/&' ,&-)./' L%#"0-%(&' G10.-5$)$.6' -%*' M((1"%.-5$)$.6' M(.' 1>' VWWX' N,LGMMO' &#.-5)$#/&#' %-31%-)' President Obama signed
#.-%*-0*#' .1' 801.&(.' ./&' 80$9-(6'1>' 8&0#1%-)' /&-)./' $%>10:-31%' 56'&#.-5)$#/$%+' #.-%*-0*#' ./-.' the American Recovery
801.&(.'$%*$9$*"-))6'$*&%3=-5)&'/&-)./'$%>10:-31%;''' and Reinvestment Act
into law. Embedded in
,&-)./' $%>10:-31%' $#' *&=%&*' -#' -%6' $%>10:-31%<'7/&./&0' 10-)' 10' 0&(10*&*' $%' -%6' >10:<' ./-.' the lengthy Stimulus Bill
is the Health Information
0&)-.&#'.1' ./&' 8-#.<'80&#&%.' 10' >"."0&'(1%*$31%' 1>' -%' $%*$9$*"-)' N,LGMM'Y'VVZVN[OO;' ' L%*$9$*"-))6'
Technology for Economic
$*&%3=-5)&' /&-)./' $%>10:-31%' $#' *&=%&*' -#' /&-)./' $%>10:-31%' ./-.' $*&%3=&#'./&'$%*$9$*"-)' 10' and Clinical Health Act
7$./'0&#8&(.'.1' 7/$(/' ./&0&'$#'-'0&-#1%-5)&'5-#$#' .1'5&)$&9&'./-.' ./&'$%>10:-31%'(-%'5&'"#&*' .1' ("HITECH Act") which
$*&%3>6'./&'$%*$9$*"-);' significantly expands
the scope of HIPAA.
,LGMM'$#'$%.&%*&*'.1'&%#"0&'./-.'/&-)./'8)-%#<'*1(.10#<'/1#8$.-)#'-%*'1./&0'/&-)./'(-0&'8019$*&0#' Many of the lawʼs new
HIPAA requirements take
.-?&' -880180$-.&' :&-#"0&#' .1'(1%.01)' /17' 8&0#1%-)' /&-)./' $%>10:-31%'#"(/'-#' 8-3&%.#@'/&-)./' effect at the beginning of
0&(10*#<'.&#.'0&#").#<'DF0-6#<'-%*'80&#(0$831%#<'$#'"#&*<'*$#()1#&*'-%*'801.&(.&*;'' 2010, so providers and
other covered entities
L%'10*&0'.1'.-?&'-*9-%.-+&'1>'&:-$)'(1::"%$(-31%'>10'./&'&\($&%.' -%*'3:&)6'.0-%#>&0'1>'8-3&%.' should begin planning for
$%>10:-31%<' /&-)./' (-0&' 80-(331%&0#' :"#.' .-?&' 0&-#1%-5)&' :&-#"0&#' .1' &%#"0&' ./-.' ./$#' compliance now.
$%>10:-31%'$#'801.&(.&*'>01:'"%-"./10$2&*'-((&##'-%*'*$#()1#"0&;''

Echoworx Healthcare Privacy Whitepaper

Who is impacted by HIPAA?
,LGMM' #.-.&#' ./-.' #&("0$.6' #.-%*-0*#' -%*' 0&4"$0&:&%.#' >10' ./&' :-$%.&%-%(&' 10' &)&(.01%$(' Did you know?
.0-%#:$##$1%'1>'/&-)./'$%>10:-31%'-88)6'.1'./&'>1))17$%+'8&0#1%#]''
The main government
agencies that enforce
^ !"#$%&' ($#)*]'+&%&0-))6'$%()"*$%+' /&-)./<'*&%.-)<'9$#$1%' -%*' 80&#(0$831%'*0"+'$%#"0&0#<',P_#<' HIPAA violations are the:
P&*$(-0&<'P&*$(-$*<'-%*')1%+F.&0:'(-0&'$%#"0&0#`'
CMS: Center of Medicare
& Medicaid Services
^ !"#$%&'+#,"'+$"#,-).&/0*"*]''>10'&D-:8)&<'5$))$%+'#&09$(&#<'0&80$($%+'(1:8-%$&#'10'-'(1::"%$.6'
/&-)./':-%-+&:&%.'$%>10:-31%'#6#.&:#`'-%*' O C R : O f fi c e o f C i v i l
Rights

^ !"#$%&' +#,"' (,/1-2",*' 7/1' .0-%#:$.' -%6'/&-)./' $%>10:-31%' $%' &)&(.01%$(' >10:' $%' (1%%&(31%' O I G : O f fi c e o f t h e
7$./'-'.0-%#-(31%'>10'-'J(19&0&*'&%3.6K;'' Inspector General.

,LGMM'*$(.-.&#'./-.'10+-%$2-31%#':"#.'&%#"0&'./-.]

^ 34#-$' 4"**#."*'(1%.-$%$%+'801.&(.&*' /&-)./' $%>10:-31%' -0&'#&("0&*<'&9&%' 7/&%' .0-%#:$a&*'

9$-'"%&%(068.&*')$%?#

^ 5")2",*'#)2',"6-7-")%*'-0&'8018&0)6'9&0$=&*'9$-'8&0#1%'10'&%3.6'-"./&%3(-31%

^ 34#-$'*",1",*'-%*'./&':&##-+&#'./&6'(1%.-$%'-0&'801.&(.&*

HIPAA requires emails to be secured for sending

Did you know?
b%(068.&*'&:-$)'$#'-%'$:810.-%.'(1::"%$(-31%#'(/-%%&)'>10'/&-)./'(-0&'801>&##$1%-)#;'' According to the OIG and
b-(/' 8&0#1%' )$#.&*' -519&' 7/1' :-$%.-$%#' 10' .0-%#:$.#' /&-)./' $%>10:-31%' :"#.' :-$%.-$%' CMS, there have been
0&-#1%-5)&'-%*'-880180$-.&'-*:$%$#.0-39&<'.&(/%$(-)<'-%*'8/6#$(-)'#->&+"-0*#'.1'&%#"0&' over 41,000 cases
r e p o r t e d o f H I PA A
./&'$%.&+0$.6'-%*' (1%=*&%3-)$.6'1>'./&'$%>10:-31%' N,LGMM'Y'VVZSN*ONQOO;''I/&#&'#->&+"-0*#':"#.'
violations since 2003.
-)#1'801.&(.' -+-$%#.' -%6'0&-#1%-5)6'-%3($8-.&*' ./0&-.#'10' /-2-0*#'.1'./&'#&("0$.6'10' '$%.&+0$.6'1>'
./&'$%>10:-31%'-%*'"%-"./10$2&*'"#&#'10'*$#()1#"0&#'1>'./&'$%>10:-31%;''

c%*&0',LGMM<'./&'d&8-0.:&%.'1>',&-)./'-%*',":-%'H&09$(&#'8"5)$#/&#'-'H&("0$.6'e")&':-%*-3%+'
./-.' &-(/' (19&0&*' &%3.6' *&9&)18' 81)$($&#<' 801(&*"0&#' -%*' (1%3%+&%(6' 8)-%#' >10' #&("0$%+'
$%>10:-31%;' 'I/&' ,LGMM'H&("0$.6'e")&'*1&#'%1.' &D80&##)6'801/$5$.' ./&' "#&'1>' &:-$)' >10' #&%*$%+'
&)&(.01%$(' 801.&(.&*' /&-)./'$%>10:-31%' NG,LO;'I/&'H&("0$.6' e")&' -))17#' >10' &)&(.01%$(' G,L'.1' 5&'
#&%.'19&0'-%'&)&(.01%$('18&%'%&.710?'-#')1%+'-#'$.'$#'-*&4"-.&)6'801.&(.&*;'

I/&'#.-%*-0*#'>10]'

^ '-((&##'(1%.01)<'N[U'AEe'Y'VX[;SVQN-OO'
8 '$%.&+0$.6'N[U'AEe'Y'VX[;SVQN(ONVOO<'-%*''
8 '.0-%#:$##$1%'#&("0$.6'N[U'AEe'Y'VX[;SVQN&ONVOO
''
0&4"$0&' (19&0&*' &%33&#'.1' $:8)&:&%.' 81)$($&#'-%*' 801(&*"0&#'.1' 0&#.0$(.' -((&##' .1<'801.&(.' ./&'
$%.&+0$.6'1><'-%*'+"-0*'-+-$%#.'./&'"%-"./10$2&*'-((&##'.1'&)&(.01%$('G,L;''

I/&' #.-%*-0*' >10' .0-%#:$##$1%' #&("0$.6' NY' VX[;SVQN&OO' -)#1' $%()"*&#' #8&($=(-31%#' >10' $%.&+0$.6'
(1%.01)#'-%*'&%(06831%;'I/$#':&-%#'./-.'./&'(19&0&*'&%3.6':"#.'-##&##'$.#'"#&'1>'18&%'%&.710?#<'
$*&%3>6'./&'-9-$)-5)&'-%*'-880180$-.&':&-%#'.1'801.&(.'&)&(.01%$('G,L'-#'$.'$#'.0-%#:$a&*<'#&)&(.'-'
#1)"31%<'-%*'*1(":&%.'./&'*&($#$1%;'

Echoworx Healthcare Privacy Whitepaper

Liability of Breach of HIPAA
L%'+&%&0-)<'=%&#'(-%'5&'$:81#&*'56'./&' d&8-0.:&%.' 1>',&-)./'-%*',":-%' H&09$(&#'1%'-'8&0#1%' Did you know?
7/1' *1&#'%1.'(1:8)6'7$./' #.-%*-0*#'#&.' >10./' "%*&0' ,LGMM'N,LGMM' Y'VVZXNVOO;''I/&'=%&'(-%'5&'
The main government
$:81#&*'&-(/' 3:&' -%' $%($*&%.' 1>' %1%F(1:8)$-%(&'1(("0#<'5".' 7$))'5&' (-88&*' -.' -':-D$:":' 1>' agencies that enforce
fQU<RRR' 8&0' (-)&%*-0' 6&-0;' ' I/&' =%&' :-6' %1.' 5&' $:81#&*' $>' ./&' >-$)"0&' .1' (1:8)6' 7$./' ./&' HIPAA violations are the:
#.-%*-0*#'7-#'*"&'.1'0&-#1%-5)&'(-"#&'0-./&0'./-%'.1'7$))>")' %&+)&(.'-%*'./&'$##"&'0&#")3%+'$%'-''
CMS: Center of Medicare
>-$)"0&'.1' (1:8)6'$#' (100&(.&*' 7$./$%'SR' *-6#'1>'7/&%' ./&' 8&0#1%' )$-5)&' >10'./&'8&%-).6'?%&7'10' & Medicaid Services
#/1")*'/-9&'?%17%'-51".'./&')-(?'1>'(1:8)$-%(&'N,LGMM'Y'VVZXN5ONSOO;'L%'-**$31%<'-'8&0#1%'7/1'
?%17$%+)6'15.-$%#'10'*$#()1#&#'$%*$9$*"-))6'$*&%3=-5)&'/&-)./'$%>10:-31%'$%'9$1)-31%'1>',LGMM;' O C R : O f fi c e o f C i v i l
Rights

c%*&0',LGMM<'./&'d&8-0.:&%.'1>',&-)./'-%*',":-%'H&09$(&#'8"5)$#/&#'-'H&("0$.6'e")&':-%*-3%+' O I G : O f fi c e o f t h e
./-.' &-(/' (19&0&*' &%3.6'>-(&#' -' =%&' 1>' fUR<RRR' -%*' "8' .1' 1%&F6&-0' $:80$#1%:&%.' N,LGMM' Y' Inspector General.
VVZZO;' ' I/&' (0$:$%-)' 8&%-)3&#' $%(0&-#&' .1' fVRR<RRR' -%*' "8' .1' =9&' 6&-0#'$:80$#1%:&%.' $>' ./&'
701%+>")'(1%*"(.'$%91)9&#'>-)#&'80&.&%#&#<'-%*'.1' fQUR<RRR' -%*' "8'.1'.&%' 6&-0#'$:80$#1%:&%.' $>'
./&'701%+>")' (1%*"(.' $%91)9&#'./&' $%.&%.' .1' #&))<'.0-%#>&0<'10' "#&'$%*$9$*"-))6'$*&%3=-5)&'/&-)./'
$%>10:-31%'>10'(1::&0($-)'-*9-%.-+&<'8&0#1%-)'+-$%<'10':-)$($1"#'/-0:'N,LGMM'Y'VVZZO;'
Encrypted Mail
How Echoworx Encryption helps you to comply to HIPAA? Gateway

b(/1710D' *&)$9&0#' ./&' /$+/&#.' )&9&)' 1>' &:-$)' -%*' *-.-' #&("0$.6' 56' 8019$*$%+' -' #.01%+' &:-$)' EMG end users do not
require any training, since
&%(06831%' -%*' *1(":&%.' &%(06831%' #1)"31%;' ' E01:' ./&' 5&+$%%$%+<'b(/1710D' /-#'>1("#&*' 1%'
policy enforcement and
8019$*$%+'./&':1#.'#&("0&'&:-$)'&%(06831%'#1)"31%#'7/$)&':-?$%+'./&'#1)"31%'./&'&-#$&#.'.1'"#&' encryption is completely
$%' ./&' $%*"#.06;' ' b(/1710D' &%(06831%' 801*"(.#' 8019$*&' #.01%+' 801.&(31%' >10' *-.-' 7/$)&' trans- parent. A user simply
.0-%#:$##1%'19&0'18&%'%&.710?#'*"&'.1'./&'"#&'1>'#&("0$.6'#.-%*-0*#'#"(/'-#'GgL<'HhPLPb<'i;URW<' composes the email, and the
-%*'IjH; content is automatically
scanned to detect whether
the message should be
Echoworx Encrypted Mail Gateway (EMG) encrypted before it is sent.
b(/1710D' b%(068.&*' P-$)' C-.&7-6' NbPCO' :-?&#' #&("0&' :&##-+$%+' -#' &-#6' .1' "#&' -%*' Standards-based
.0-%#8-0&%.' -#' %10:-)' &:-$);' ' bPC' -))17#' ,&-)./(-0&' 8019$*&0#' .1' #&.' k&D$5)&' 81)$($&#' ./-.' Encryption
-".1:-.&'./&'&%(06831%'1>'1".51"%*'&:-$)'7/$(/':$3+-.&'./&'0$#?#'1>'0&+")-.106'9$1)-31%#<'*-.-' PKI, S/MIME and X.509 AES,
)1##'-%*'(10810-.&'81)$(6'9$1)-31%#<'7$./1".'$:8-(3%+'*-6'.1'*-6'5"#$%&##'-(39$3&#;''bPC':-?&#' 128- bit SSL, 1024 bit RSA
$.' &-#6'.1' #/-0&' #&%#$39&' $%>10:-31%' 7$./' 1./&0' /&-)./(-0&'8019$*&0#<' 8-3&%.#<' -%*' $%*$9$*"-)' keys with MDS and SHA-1 for
strong encryption and digital
8/6#$($-%'1\(&#;
signature.
Rapid Deployment
l$./'bPC'./&0&' $#'%1' "#&0' .0-$%$%+'0&4"$0&*'-#'&:-$)' $#'&%(068.&*' -.' ./&'51"%*-06'10' +-.&7-6' A few deployment options are
5-#&*' 1%' .0$++&0&*' 81)$($&#;'I/&' b(/1710D' bPC' #1)"31%' -".1:-3(-))6'-%*' *6%-:$(-))6'-88)$&#' avail- able based on a
&%(06831%'10' *&(06831%' 5-#&*' 1%'61"0' 10+-%$2-31%@#'81)$($&#<'0$+/.'-.'./&'+-.&7-6;'M#'-'0&#").<' companyʼs preferred
&%*'"#&0#'*1'%1.'0&4"$0&'-%6'#8&($-)'.0-$%$%+'10'%&&*'.1'*17%)1-*'-%6'#8&($-)'#1B7-0&'.1'"#&'./&' configuration.
Secure Reply
#&09$(&; EMG allows anyone who
receives an Encrypted Mail
message to respond securely
without installing any
software.

Echoworx Healthcare Privacy Whitepaper

Policy Driven Encryption for HIPAA

c#$%+'-'#$:8)&'81$%.F-%*F()$(?'7&5'$%.&0>-(&<'&%.&080$#&#'(-%'&-#$)6'#&.'./&$0'&:-$)'&%(06831%'-%*'
djG' 81)$($&#'>10' ./&$0' &:-$)' (1%.&%.<'-%*'(-%' 0&9$&7' -%*'("#.1:$2&'./&#&' 0")&#' 7/&%'%&(&##-06;'
b%.&080$#&#'(-%'"3)$2&'./&'bPC'-*:$%'(1%#1)&'.1'-((&##'-"*$.'0&810.#'./-.' 7$))'$*&%3>6'(10810-.&' Did you know?
&:-$)'0$#?#'-%*'7/&0&'./&6'(-%' :1%$.10'1%+1$%+'(1::"%$(-31%'-%*'$>'%&(&##-06<'-).&0' ./&'&:-$)'
&%(06831%'-%*'djG'81)$($&#'.1':$3+-.&'0$#?#;' The list of 2010
Healthcare Common
Procedure Codes
I/&' bPC' G1)$(6' b%+$%&' -))17#' /&-)./(-0&' 10+-%$2-31%#' .1' $:8)&:&%.' &%(06831%' 5-#&*' 1%' (HCPCS) contain over
#8&($=(':&##-+&'(1%.&%.'-%*'#&%*&0'10'0&($8$&%.'$*&%3.6<'10'-#'>1))17#] 9,600 expressions. All of
the 2010 HCPCS codes
^ A1%=*&%3-)' $%>10:-31%' m' #1($-)' $%#"0-%(&<' (0&*$.' (-0*<' -((1"%.' %":5&0#<' 5-%?$%+' are built into the
Echoworx EMG solution.
.0-%#-(31%#<')1-%#'-%*'5-)-%(&#
^ G-3&%.'$%>10:-31%'F'G-3&%.'%":5&0#<'P&*$(-)'0&(10*'%":5&0#
^ L%#"0-%(&'L%>10:-31%'F'ndA'd0"+'n":5&0#
^ ,AGAH'A1*&#'>10'QRVR
^ ,LGMM'10$&%.&*'?&6710*#'-%*'0&+")-0'&D80&##$1%#
^ L%()"*&'*1:-$%'%-:&#<'#8&($=('+01"8#'7$./$%'./&'10+-%$2-31%
^ ,&-)./'L%>10:-31%'N8-3&%.'$*&%3=&0#<'/&-)./'(1%*$31%#O
^ c%$4"&' .&0:$%1)1+6' m' #8&($=(' .1' /&-)./(-0&' 9&03(-)#<' 8&0.-$%$%+' .1' 80180$&.-06'
$%>10:-31%'10'$%.&))&(."-)'8018&0.6
^ M))' 1>' ./&' -519&' (-%' -)#1' 0&)-.&' .1' :&##-+&' -a-(/:&%.#' #"(/' -#' &D(&)' #80&-*#/&&.#<'
GdE#'10'&D&(".-5)&'No;bibO'=)&#

Additional HIPAA Resources

9"7#,%4")%'/:'!"#$%&';'!04#)'5",1-6"*'<'!=(>>
I/&' 1\($-)' (&%.0-)' +19&0%:&%.-)' /"5' >10' -))' !=(>>' $##"&#' $%()"*$%+' 0")&#<' #.-%*-0*#' -%*'
$:8)&:&%.-31%'+"$*&#;
/a8]hh777;//#;+19h1(0h&-7##h
!"#$%&'=)*0,#)6"'(/,%#?-$-%@'#)2'>66/0)%#?-$-%@'>6%'F'l$?$8&*$-'AAA
I/&' I/&' !"#$%&' =)*0,#)6"' (/,%#?-$-%@' #)2' >66/0)%#?-$-%@' >6%' N!=(>>O' 1>' VWWX' NG;j;
VR[FVWVO'p!=(>>q'7-#'&%-(.&*'56'./&'c;H;'A1%+0&##'$%'VWWX;'AAA
/a8]hh&%;7$?$8&*$-;10+h;;;h,&-)./rL%#"0-%(&rG10.-5$)$.6r-%*rM((1"%.-5$)$.6rM(.

B1",1-"C'!=(>>'<'D")",#$'=):/,4#E/)
e&#81%#$5)&'>10'$:8)&:&%3%+'9-0$1"#'"%0&)-.&*'8019$#$1%#'1>'!=(>>;'L%()"*&#'-'*$0&(.106'1>'
APHs#'5"#$%&##'-(39$3&#'7$./'0&+-0*'.1'!=(>>;

(AFA'GHI<GJG
,bMjI,' LnHceMnAb'G_eIM!LjLIt'Mnd' MAA_cnIM!LjLIt'MAI' _E'VWWX' ;;;;;A1::&%.#h
#"++&#31%#'-%*'1./&0'4"&#31%#'-51".',LGMM'#/1")*'5&'*$0&(.&*'.1'./&'l&5'P-#.&0;
/a8]hh-#8&;//#;+19h-*:%#$:8h8)VR[VWV;/.:

Echoworx Healthcare Privacy Whitepaper

About Echoworx

b(/1710D'$#'-'8019$*&0'1>'#&("0$.6'#1)"31%#'>10'&%/-%($%+'80$9-(6'-%*'.0"#.'$%'*$+$.-)'
(1::"%$(-31%#;'b(/1710D'80$9-(6'-88)$(-31%#')&9&0-+&'./&'817&0'1>'b(/1710D'b%(06831%'
H&09$(&#'NbbHO'8)-u10:<'7/$(/'$#'/1#.&*'-.'H&("0&'d-.-'A&%.&0#'-01"%*'./&'+)15&;'M))'*-.-'$#'
&%(068.&*'"#$%+'$%*"#.06'.0"#.&*'#.-%*-0*'GgL'NG"5)$('g&6'L%>0-#.0"(."0&O'-%*'HhPLPb'
.&(/%1)1+$&#'>10'#.01%+'&%(06831%'-%*'*$+$.-)'#$+%-."0&#<'0&)6$%+'1%'#.-%*-0*'i;URW'(&03=(-.&#;'
b(/1710D'*-.-'80$9-(6'-88)$(-31%#'$%()"*&]'b%(068.&*'P-$)<'G1)$(6F5-#&*'b%(068.&*'P-$)'C-.&7-6<'
b%(068.&*'d1(":&%.#<'b%(068.&*'d1(":&%.'G0&#&%.:&%.<'-%*'b%(068.&*'P&##-+&'&i(/-%+&;'
b(/1710D'801*"(.#'-0&'("00&%.)6'1v&0&*'56')&-*$%+'(1::"%$(-31%'8019$*&0#'./-.'$%()"*&]'MIwI<'
!I<'H6:-%.&(<'j1+$(-APC<'I&)"#<'-%*'x&0$21%;

Copyright © 2010 – Echoworx Corporation. Do Not Distribute Without Permission.

All rights reserved.

This document is the intellectual, proprietary and confidential property of Echoworx Corporation. This document is
provided for informational purposes only and Echoworx makes no warranties, either express or implied. Information in
this document, including URLs and other Internet references, are subject to change without notice. The entire risk of
the use or the results of the use of this document remains with the user.

By accepting possession of this document the recipient agrees to keep the contents of this document in confidence
and not to redistribute, duplicate, or disclose the contents of this document unless otherwise agreed to by Echoworx
Corporation.

Echoworx Corporation. 4101 Yonge Street, Suite 708, Toronto, Ontario M2P 1N6 Canada, http://www.echoworx.com/