Health Insurance Portability and Accountability Act (HIPAA)

Network Security Assurance to Protect Privacy of Protected Health Information

The Health Insurance Portability and Accountability Act (HIPAA) established national standards for maintaining the privacy of protected health information. These standards are aimed at improving the efficiency and effectiveness of the US healthcare system by encouraging widespread use of electronic data interchange of health-related data. The Administrative Simplifications (AS) provisions of HIPAA address the health data security and privacy requirements. They mandate that entities handling protected health information put in place technical safeguards, including access controls, encrypted communication, event logging and written records of detailed device configuration files. Covered entities must also document their HIPAA practices and make the records available to the Government for assessing compliance.

Because health data is used, stored and exchanged within the IT environments of medical service providers, insurance companies and employers, network security and health monitoring are crucial to maintaining the desired levels of data privacy. Both the WhatsUp family of Event Log Management solutions and the WhatsUp Gold family of infrastructure and applications monitoring and management products offer support for maintaining the security of health data as required under HIPAA. Some illustrative examples of how each of these product families supports HIPAA compliance are provided below:

WhatsUp Event Log Management:

  • Comprehensive collection and storage of user and system activity across all infrastructure that is involved in protected health data processing, exchange and storage
  • Real-time views of event log data enabling spot check audit and analysis to validate that adequate HIPAA compliance processes are in place
  • Tracking and monitoring of individual user and group privileges to ensure access to protected health data is provided only on an as-needed basis
  • Identification of network security threats or compromised access to protected health data through automated filtering, correlation and analysis of detailed event logs from multiple sources
  • Forensic analysis of stored event logs to support HIPAA compliance audits and breach investigations

WhatsUp Gold Infrastructure and Application Management:

  • Single platform coverage of all infrastructure components supporting health data processing, transmission and storage for complete visibility and assurance
  • Monitoring of all access points on the network (physical and wireless) to prevent unauthorized connections to network segments that use and store personal health data
  • Secure documentation and storage of startup and running configuration files for all network devices and maintenance of an audit trail of changes to file content over time