The Case for Automated Log Management in Meeting HIPAA Compliance
by A.N. Ananth - Prism Microsystems CEO - Wednesday, 28 November 2007.
The Impact of HIPAA

The Health Insurance Portability Accountability Act, better known as HIPAA, was passed in 1996 by the US Department of Health and Human Standards (HHS) to ensure the privacy and security of confidential patient health information. The Act mandates that all Covered Entities (CEs) must implement ‘reasonable and appropriate’ procedures for securing patient health information from security breaches, impermissible uses and/or disclosures, with severe penalties mandated to punish non-compliance.

In March, Atlanta's Piedmont Hospital became the first institution in the country to be audited for compliance with the security rules of HIPAA. The audit was conducted by the office of the inspector general at HHS and is being seen by some in the healthcare industry as a precursor to similar audits to come at other institutions.

A number of HIPAA requirements are focused towards the integrity of electronic protected health information (ePHI) – any personally identifiable health information that is handled electronically, including:
  • Controlling access to ePHI
  • Monitoring and auditing access to ePHI
  • Diagnosing potential security problems
  • Retaining records of access for a set period of time
  • Demonstrating to independent reviewers the processes that fulfill the requirements above.
In the Piedmont case, it was reported that HHS asked for this type of information to be provided within 10 days. In the absence of automated log management systems that record and maintain this information, producing it became a very challenging, manual effort.

Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //