The Case for Automated Log Management in Meeting HIPAA Compliance
by A.N. Ananth - Prism Microsystems CEO - Wednesday, 28 November 2007.
The Impact of HIPAA

The Health Insurance Portability Accountability Act, better known as HIPAA, was passed in 1996 by the US Department of Health and Human Standards (HHS) to ensure the privacy and security of confidential patient health information. The Act mandates that all Covered Entities (CEs) must implement ‘reasonable and appropriate’ procedures for securing patient health information from security breaches, impermissible uses and/or disclosures, with severe penalties mandated to punish non-compliance.

In March, Atlanta's Piedmont Hospital became the first institution in the country to be audited for compliance with the security rules of HIPAA. The audit was conducted by the office of the inspector general at HHS and is being seen by some in the healthcare industry as a precursor to similar audits to come at other institutions.

A number of HIPAA requirements are focused towards the integrity of electronic protected health information (ePHI) – any personally identifiable health information that is handled electronically, including:
  • Controlling access to ePHI
  • Monitoring and auditing access to ePHI
  • Diagnosing potential security problems
  • Retaining records of access for a set period of time
  • Demonstrating to independent reviewers the processes that fulfill the requirements above.
In the Piedmont case, it was reported that HHS asked for this type of information to be provided within 10 days. In the absence of automated log management systems that record and maintain this information, producing it became a very challenging, manual effort.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th