Making Sure Your Organization’s Data is in Compliance with HIPAA
WHAT IS THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)?
HIPAA's Privacy Rule protects individually identifiable health information in any form, and its Security Rule protects the electronic subset of that information: electronic protected health information (ePHI) that a covered entity or business associate creates, receives, maintains, or transmits. The Security Rule requires administrative, physical, and technical safeguards that ensure the confidentiality, integrity, and availability of ePHI. The controls it calls for overlap heavily with those of other security standards and frameworks, so an organization that already maps its program to such a framework will recognize most of the requirements listed below.
DO I NEED TO COMPLY WITH HIPAA?
Your organization MUST comply with HIPAA if it is either of the following:

- A covered entity. This includes health care providers, health plan organizations, and health care clearinghouses.
- A business associate. An organization brought in to help a covered entity carry out its health care activities and functions, and which handles protected health information in the process.
HOW Stealthbits ENABLES HIPAA COMPLIANCE
Stealthbits' solutions provide visibility into who is logging into what areas of the enterprise and keep track of what users are doing within critical systems and applications such as Active Directory, File Systems, Exchange, and SharePoint. This is achieved through real-time security monitoring, advanced log analysis, and mapping observed activity back to organizationally defined security and business procedures.
Organizations with comprehensive information security policies must continuously monitor the security messages and events generated by logon activity on the systems that store or provide access to healthcare data. Stealthbits Technologies' solutions provide that monitoring and the audit evidence behind it, giving an enterprise a foundation for creating and maintaining a security policy around healthcare data. Monitoring supports the policy work; the organization still has to define the policy, review the evidence the tooling produces, and act on what it finds.
Stealthbits SOLUTIONS FOR THE HIPAA COMPLIANCE FRAMEWORK
| Standard | Section | Implementation Specification ((R) = Required, (A) = Addressable) | Report Mapping | Capability Mapping |
|---|---|---|---|---|
| Security Management Process | 164.308(a)(1) | Risk Analysis (R) | Auditing, Governance | Data Access Governance, File Activity Monitoring, Sensitive Data Discovery, File Classification |
| Assigned Security Responsibility | 164.308(a)(2) | (R) | Access Auditing, Credentials Governance, Privileged Access | Data Access Governance, File Activity Monitoring, Sensitive Data Discovery, File Classification |
| Workforce Security | 164.308(a)(3) | Authorization and/or Supervision (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| | | Workforce Clearance Procedure (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| | | Termination Procedures (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| Information Access Management | 164.308(a)(4) | Isolating Health Care Clearinghouse Function (R) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| | | Access Authorization (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| | | Access Establishment and Modification (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| Security Awareness and Training | 164.308(a)(5) | Security Reminders (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| | | Protection from Malicious Software (A) | Configuration | Threat Detection, User Behavior Analytics, File Activity Monitoring |
| | | Log-in Monitoring (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| | | Password Management (A) | Access Auditing, Credentials Governance, Privileged Access | Configuration Auditing, Privileged Access Auditing, Data Classification, Sensitive Data Discovery, Data Access Governance, Privileged Account Management |
| Security Incident Procedures | 164.308(a)(6) | Response and Reporting (R) | Governance | Data Access Governance |
| Contingency Plan | 164.308(a)(7) | Data Backup Plan (R) | | |
| | | Disaster Recovery Plan (R) | Access Auditing, Credentials Governance, Privileged Access | Active Directory rollback and recovery: roll back changes or restore deleted or corrupted objects together with their attributes, and schedule backups on an interval of your choosing |
| | | Emergency Mode Operation Plan (R) | | Active Directory rollback and recovery (as described for the Disaster Recovery Plan) |
| | | Testing and Revision Procedure (A) | | Active Directory rollback and recovery (as described for the Disaster Recovery Plan) |
© 2022 Stealthbits Technologies, Inc.