The Health Insurance Portability & Accountability Act of 1996 (Public Law 104-191), also known as the Kennedy-Kassebaum Act, amended the Internal Revenue Service Code of 1986. It requires improved efficiency in healthcare delivery by standardizing electronic data interchange, as well as the protection of confidentiality and security of health data through setting and enforcing standards.
Virtually all healthcare organizations - including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers - as well as life insurers, information systems vendors, various service organizations, and universities are affected by HIPAA. There are severe civil and criminal penalties for non-compliance, including fines up to $250K and/or imprisonment up to 10 years.
Compliance requirements are diverse, and include organizational, procedural and security standards. The Security Rule or Security Standards and Technical Safeguards is included in the Security Standards for the protection of Electronic Protected Health Information provision. This Standard is found at HIPAA 45 CFR Part 160 & Part 164, subparts A and C.
NitroSecurity provides a solution for the Access Control portion of the Security Rule, identified in Part 164.304 through 164.312 of the standard, which is defined as:
Access controls provide users with rights and/or privileges to access and perform functions using information systems, applications, programs, or files. Access controls should enable authorized users to access the minimum necessary information needed to perform job functions. Rights and/or privileges should be granted to authorized users based on a set of access rules that the covered entity is required to implement as part of 164.308(a)(4), the Information Access Management Standard under the Administration Safeguards section of the rule.
NitroGuard actively protects against potential electronic threats: NitroGuard IPS prevents malicious activity and intrusion, and can be placed at key points within the network; NitroView DBM provides direct protection of sensitive data by monitoring database activity and transactions. Each provides notification of threats that do occur, and is able to report upwards to a Security Information Management system such as NitroView ESM.
Correlating security events against network flow information within NitroView ESM enables the extrapolation of: the source or root cause of an attack; additional attack targets from the same source; the contamination vector of malicious code; and even the "patient zero" source of viruses. This mitigates security incidents and helps to quickly isolate additional, related threats.
NitroGuard IPS and NitroView DBM directly monitor inter- and intra-network activity, while NitroView ELM provides compliant mechanisms for recording this activity. In addition, NitroView ESM provides analysis and correlation capabilities that allow controllers to examine all activity together for both forensic and audit purposes.
NitroView ELM tracks user activity within the database itself, while NitroView ESM correlates user identity through all aspects of the network for deep forensic capabilities. NitroView's integration with popular authentication systems and directories helps to ease the complexity associated with appropriately tracking and accounting for user authentication and verification.