The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides consumers with important privacy rights and protections with respect to their health information, including important controls over how their health information is used and disclosed by health plans and health care providers. Ensuring strong privacy protections is critical to maintaining individuals’ trust in their health care providers and willingness to obtain needed health care services, and these protections are especially important where very sensitive information is concerned, such as mental health information, For additional information, you can visit the US Department of Health and Human Services or NIST.
Similar to other compliance requirements, there is no silver bullet product that can be purchased to ensure compliance with HIPAA/Hitech. Any security product that an organization purchases does need to be properly installed, configured, monitored and adjusted over time to ensure that it continually meets and potentially exceeds the requirements. Second before making any purchase, an organization should assess their environment and requirements.
The very first thing is you cannot protect what you do not know that you have – while some have a listing of their assets on a piece of paper, this still relies on someone to physically walk around and document, or you can choose to use a technology that can assist – Solar Windows Network Topology Mapper, which can map you network automatically in minutes, or Hexis NetBeat NAC, which can auto detect all assets (including mobile).
Then of course at the very heart of any compliance requirement is a firewall, with the Sophos UTM, an organization can choose their level or protection from a simple firewall with Intrusion Prevention to a full featured unified threat management system, complete with web security, mail security, as well as web server protection and wireless, as well as protection from APTs.
Along with a firewall , an organization should consider the purchase of some form of End Point Security (Sophos or Kaspersky), that will protect the users mobile devices/laptops. Endpoint protection provides for virus detection and removal, as well as data protection, enabling the organization to ensure that data stays in the organization and not transmitted via USB or email to inappropriate parties.
In addition, to add an extra layer of security, we have the Hexus NetBeat NAC, which enables organizations to determine who is on their network, automatically directing any untrusted asset to a guest area only. It provides for a snapshot of network assets, patch level, as well as deny any unknown traffic from your confidential information. With the NetBeat NAC, you can also develop a security policies and procedures manual, which can be updated as required, complete with time stamps of when changes were made. In addition it will block any traffic that is being sent out of the network to command and control centers, or choose the SolarWinds User Device Tracker.
Review of log files is essential as this provides detailed information as to the activity in your organization. Depending on your budget, expertise and requirement, we currently offer several tools.
SolarWinds Event & Log Management tool, which provides for easy installation, a comprehensive library for most compliance requirements, including HIPAA. This product is well suited for those organizations that have a limited budget, limited resources but needs to have the power of an SIEM that Enterprise/Global Organizations require.
AlertLogic, which is a cloud based solution.
For those organizations that require security analytics or advanced data analysis and already have deployed a robust SIEM product, the Hawkeye AP is a great addition, allowing an organization to capture petabytes of data to run queries against and then send to the SIEM.
Contact us for information on any of the products/services we offer, and how they can assist you with your HIPAA/HITECH ompliance requirements.
You can visit our white papers section of additional information on our products and how they can assist with compliance.