Jump to content

Get Your
Free 30-Day Trial WhatsUp Gold

Health Insurance Portability and Accountability Act (HIPAA)

How the WhatsUp Gold Family of solutions can mitigate risk and protect personal health information (PHI) for HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) established national standards for maintaining the privacy of PHI. Entities handling protected health information – such as medical service providers, insurance companies and ANY employers handling PHI -- must put in place technical safeguards including access controls, encrypted communication, event logging and written records of detailed device configuration files. Covered entities must also document their HIPAA practices and make the records available to the government for assessing compliance.

Regulatory compliance is impacting the way you need to manage your network and infrastructure today. Without the right compliance- and security-centric IT management solutions in place, you could be setting yourself up for a costly audit, or worse, a security breach of colossal proportions. It could even result in a loss of funding if an organization is disqualified for stimulus money due to a breach or audit failure.

In addition to point-and-click reporting for HIPAA compliance, see how the WhatsUp Gold family of solutions can help you mitigate risk, protect privacy and access to protected healthcare information, and prove compliance with HIPAA regulations:

HIPAA Requirement

WhatsUp Gold Solution

How Solution Addresses HIPAA Requirement

§164.306 (a) General requirements

Covered entities must do the following:
(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.

WhatsUp Gold

WhatsUp Log Management Suite

As an integral part of “common sense” compliance, both WUG and LMS have numerous features that support the general goals of HIPAA.

§164.308 (a) 1 (ii) (D) Information system activity review

Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

WhatsUp Log Management Suite

Automatic Log Collection

Automatic log monitoring and alerting Scheduled reports against collected and monitored log information.

§164.308 (a ) 5 (ii) Implementation specifications

(B) Protection from malicious software. Procedures for guarding against, detecting, and reporting malicious software.
(C) Log-in monitoring. Procedures for monitoring log-in attempts and reporting discrepancies

WhatsUp Gold

WhatsUp Log Management Suite

WhatsUp Gold: Ensures anti-malware services are running, through service monitoring, reports on the installation of anti-malware solutions.

Log Management: Alerts and reports on user login as reported in system log files

164.308(a)(6)(ii) Security Incident Procedures

Implement policies and procedures to identify and respond to suspected or known security incidents, document security incidents and their outcomes, and mitigate, to the extent practicable, harmful effects of security incidents

WhatsUp Log Management Suite

Alarming on suspicious events and messages

Reporting on suspicious events and messages

164.312(b) Audit Controls

Implement mechanisms that record and examine activity in information systems that contain PHI

WhatsUp Log Management Suite

Automatic log collection and reporting

164.316(b)(2)(i) Maintain Documentation for 6 Years

You must maintain a written record (may be electronic) for any action or assessment which is required to be documented, and you must keep that documentation for six years

WhatsUp Log Management Suite

Long-term log storage with cryptographic data integrity


WhatsUp Log Management Report Includes

Security Rule §164.306 and Privacy Rule §164.530(c)

All of the following must be addressed for logging and reporting:

  • Password Aging
  • Consolidated Change Logs
  • User Privileges
  • NTFS Permissions
  • System Privileges
  • Role Permissions & Membership
  • Remote Access
  • User Access
  • Auditing Enabled
  • Account Management – Success/Failure
  • Directory Service Access – Success/Failure
  • System Events – Success/Failure
  • Object Access Attempts – Success/Failure
  • Object Deletions
  • Group Management
  • Password Reset Attempts by Users
  • Password Reset Attempts by Administrators or Account Operators
  • Computer Account Management
  • Directory Service Access Attempts
  • Logon Failures – Active Directory
  • Logon Failures – Local Logons