The Case for Automated Log Management in Meeting HIPAA Compliance
by A.N. Ananth - Prism Microsystems CEO - Wednesday, 28 November 2007.
The Impact of HIPAA

The Health Insurance Portability Accountability Act, better known as HIPAA, was passed in 1996 by the US Department of Health and Human Standards (HHS) to ensure the privacy and security of confidential patient health information. The Act mandates that all Covered Entities (CEs) must implement ‘reasonable and appropriate’ procedures for securing patient health information from security breaches, impermissible uses and/or disclosures, with severe penalties mandated to punish non-compliance.

In March, Atlanta's Piedmont Hospital became the first institution in the country to be audited for compliance with the security rules of HIPAA. The audit was conducted by the office of the inspector general at HHS and is being seen by some in the healthcare industry as a precursor to similar audits to come at other institutions.

A number of HIPAA requirements are focused towards the integrity of electronic protected health information (ePHI) – any personally identifiable health information that is handled electronically, including:
  • Controlling access to ePHI
  • Monitoring and auditing access to ePHI
  • Diagnosing potential security problems
  • Retaining records of access for a set period of time
  • Demonstrating to independent reviewers the processes that fulfill the requirements above.
In the Piedmont case, it was reported that HHS asked for this type of information to be provided within 10 days. In the absence of automated log management systems that record and maintain this information, producing it became a very challenging, manual effort.

Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //