The Case for Automated Log Management in Meeting HIPAA Compliance
by A.N. Ananth - Prism Microsystems CEO - Wednesday, 28 November 2007.
The Impact of HIPAA

The Health Insurance Portability Accountability Act, better known as HIPAA, was passed in 1996 by the US Department of Health and Human Standards (HHS) to ensure the privacy and security of confidential patient health information. The Act mandates that all Covered Entities (CEs) must implement ‘reasonable and appropriate’ procedures for securing patient health information from security breaches, impermissible uses and/or disclosures, with severe penalties mandated to punish non-compliance.

In March, Atlanta's Piedmont Hospital became the first institution in the country to be audited for compliance with the security rules of HIPAA. The audit was conducted by the office of the inspector general at HHS and is being seen by some in the healthcare industry as a precursor to similar audits to come at other institutions.

A number of HIPAA requirements are focused towards the integrity of electronic protected health information (ePHI) – any personally identifiable health information that is handled electronically, including:
  • Controlling access to ePHI
  • Monitoring and auditing access to ePHI
  • Diagnosing potential security problems
  • Retaining records of access for a set period of time
  • Demonstrating to independent reviewers the processes that fulfill the requirements above.
In the Piedmont case, it was reported that HHS asked for this type of information to be provided within 10 days. In the absence of automated log management systems that record and maintain this information, producing it became a very challenging, manual effort.


(IN)SECURE Magazine issue 45 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Mar 4th