How the WhatsUp Gold Family of solutions can mitigate risk and protect personal health information (PHI) for HIPAA compliance
The Health Insurance Portability and Accountability Act (HIPAA) established national standards for maintaining the privacy of PHI. Entities handling protected health information, such as medical service providers, insurance companies and ANY employers handling PHI, must put in place technical safeguards including access controls, encrypted communication, event logging and written records of detailed device configuration files. Covered entities must also document their HIPAA practices and make the records available to the government for assessing compliance.
Regulatory compliance is impacting the way you need to manage your network and infrastructure today. Without the right compliance- and security-centric IT management solutions in place, you could be setting yourself up for a costly audit, or worse, a security breach of colossal proportions. It could even result in a loss of funding if an organization is disqualified for stimulus money due to a breach or audit failure.
In addition to point-and-click reporting for HIPAA compliance, see how the WhatsUp Gold family of solutions can help you mitigate risk, protect privacy and access to protected healthcare information, and prove compliance with HIPAA regulations:
| HIPAA Requirement | WhatsUp Gold Solution | How Solution Addresses HIPAA Requirement |
|---|---|---|
| §164.306 (a) General requirements. Covered entities must do the following: (1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits. (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information. (3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part. | WhatsUp Gold; WhatsUp Log Management Suite | As an integral part of “common sense” compliance, both WUG and LMS have numerous features that support the general goals of HIPAA. |
| §164.308 (a) 1 (ii) (D) Information system activity review. Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. | WhatsUp Log Management Suite | Automatic log collection; automatic log monitoring and alerting; scheduled reports against collected and monitored log information. |
| §164.308 (a) 5 (ii) Implementation specifications. Implement: (B) Protection from malicious software. Procedures for guarding against, detecting, and reporting malicious software. (C) Log-in monitoring. Procedures for monitoring log-in attempts and reporting discrepancies. | WhatsConnected; WhatsUp Gold; WhatsUp Log Management Suite | WhatsConnected: Report on the installation of anti-malware solutions. WUG: Ensure anti-malware services are running, through service monitoring. Log Management: Alerts and reports on user login as reported in system log files. |
| §164.308(a)(6)(ii) Security Incident Procedures. Implement policies and procedures to identify and respond to suspected or known security incidents, document security incidents and their outcomes, and mitigate, to the extent practicable, harmful effects of security incidents. | WhatsUp Log Management Suite | Alarming on suspicious events and messages; reporting on suspicious events and messages. |
| §164.312(b) Audit Controls. Implement mechanisms that record and examine activity in information systems that contain PHI. | WhatsUp Log Management Suite | Automatic log collection and reporting. |
| §164.316(b)(2)(i) Maintain Documentation for 6 Years. You must maintain a written record (may be electronic) for any action or assessment which is required to be documented, and you must keep that documentation for six years. | WhatsUp Log Management Suite | Long-term log storage with cryptographic data integrity. |