Health Insurance Portability & Accountability Act (HIPAA)

 

Administrative Procedures to Guard Data Confidentiality, Integrity and Availability

 

Requirement

Solution

• Periodic inventory of hardware/software assets
• IT Assets Report
• Periodic security testing, including hands-on functional testing, penetration testing, and verification
• Vulnerability Scanning and Assessment
• Intrusion monitoring
• Firewall monitoring
• Patch Assessment
• Business Partner Agreements
• Appropriate contractual language to preserve “chain of trust”
• Contingency plan requiring formal assessment of the sensitivity, vulnerabilities, and security of covered entities
• Vulnerability Scanning and Assessment
• Intrusion monitoring
• Firewall monitoring
• Patch Assessment
• Proactive vulnerability assessments
• Network Vulnerability Assessment
• Windows Intrusion monitoring
• Vulnerability scanning
• Patch Assessment

Technical Security Services

Requirement

Solution

• Ongoing monitoring of information system to determine if system has been compromised, misused or accessed by unauthorized individuals
• Overall IT monitoring
• Off-site Monitoring and Management
• Intrusion Monitoring/Alerting

Technical Security Mechanisms

Requirement

Solution

• Event reporting mechanisms
• Automated security alerts, notification, and escalation capabilities
• Threshold-setting
• Alarm System
• Audit Trails
• Real-time intrusion alerts; monthly intrusion summaries: login/logout activity by user/device; failed login details report; account modification activity by user/account report