For healthcare-related organizations, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become the de facto standard for protecting the privacy and security of individually identifiable health information in the healthcare industry. Along with HITECH and HITRUST, the Security Rule within HIPAA forms a triumvirate of regulations dealing specifically with Electronic Protected Health Information (EPHI). HIPAA lays out three types of security safeguards required for compliance: administrative, physical, and technical. As with any regulation, achieving and maintaining compliance can be a daunting, resource-draining, and expensive process. And although no one vendor can help you achieve every part of HIPAA, we sought to help you simplify it as much as possible.
In this blog I will briefly review the compliance challenges and then map BeyondTrust privileged access management and vulnerability management solutions into HIPAA.
Fines and Penalties: Compliance is Mandatory
With civil penalties ranging from $100 per incident to $1.5 million per year, the cost of violating provisions of HIPAA can be crippling to a healthcare organization.
Complexity, Time, and Resource Constraints: HIPAA Compliance can Distract from Core Operations
Applying, maintaining, and proving administrative, physical, and technical safeguards against electronic protected health information can quickly become a significant resource drain on even the most well-resourced IT organizations. Therefore, solutions are needed to help IT organizations quickly prove and maintain compliance with the Security Rule.
How Privileged Access Management and Vulnerability Management can Help
Since they can be used as fundamental technologies to achieving compliance with HIPAA, we’ve written a new technical brief that explains how to map BeyondTrust privileged access management and vulnerability management solutions to HIPAA requirements to more easily demonstrate and maintain compliance.
Mapping BeyondTrust PowerBroker and Retina Solutions to HIPAA Requirements
For a quick view of how BeyondTrust solutions map into these requirements, see the summary highlights table below.
HIPAA STANDARD | REF. | BeyondTrust Platform | Retina Vulnerability Management | PowerBroker for Unix & Linux | PowerBroker for Windows & Mac | PowerBroker Identity Services | PowerBroker Password Safe
---|---|---|---|---|---|---|---
Security Management Process | 164.308(a)(1) | | | | | |
Workforce Security | 164.308(a)(3) | | | | | |
Information Access Management | 164.308(a)(4) | | | | | |
Security Awareness and Training | 164.308(a)(5) | | | | | |
Contingency Plans | 164.308(a)(7) | | | | | |
Evaluation | 164.308(a)(8) | | | | | |
Business Associate Contracts and Other Arrangements | 164.308(b)(1) | | | | | |
Access Control | 164.312(a)(1) | | | | | |
Audit Controls | 164.312(b) | | | | | |
Integrity | 164.312(c)(1) | | | | | |
Person or Entity Authentication | 164.312(d) | | | | | |
Transmission Security | 164.312(e)(1) | | | | | |
What to do Next
Download the full HIPAA guide for a detailed requirement-by-requirement mapping of BeyondTrust PAM and VM solutions into HIPAA requirements. Remember: there is no magic bullet for achieving HIPAA compliance, and no one vendor can make you compliant with HIPAA. Look for solutions that help you simplify it; BeyondTrust can help. Contact us today for a strategy session on your current HIPAA compliance efforts.

Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing and currently guides the product marketing strategy for BeyondTrust’s privileged account management and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell (formerly Quest Software), where he was responsible for global security campaigns and for product marketing for identity and access management and Windows server management.