Simplifying HIPAA Compliance with Privileged Access Management and Vulnerability Management
Apr 4, 2017
Author: Scott Lang, Sr. Director, Product Marketing at BeyondTrust
For healthcare-related organizations, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become a de facto standard for protecting the privacy and security of individually identifiable health information in the healthcare industry. Together with HITECH and HITRUST, the Security Rule within HIPAA forms a triumvirate of regulations dealing specifically with Electronic Protected Health Information (EPHI). HIPAA lays out three types of security safeguards required for compliance: administrative, physical, and technical. As with any regulation, achieving and maintaining compliance can be a daunting, resource-draining, and expensive process. And although no one vendor can help you achieve every part of HIPAA, we sought to help you simplify it as much as possible.
With civil penalties ranging from $100 per incident to $1.5 million per year, the cost of violating provisions of HIPAA can be crippling to a healthcare organization.
Complexity, Time, and Resource Constraints: HIPAA Compliance can Distract from Core Operations
Applying, maintaining, and proving administrative, physical, and technical safeguards for electronic protected health information can quickly become a significant resource drain on even the most well-resourced IT organizations. Therefore, solutions are needed to help IT organizations quickly prove and maintain compliance with the Security Rule.
How Privileged Access Management and Vulnerability Management can Help
Privileged access management and vulnerability management can be used as fundamental technologies for achieving compliance with HIPAA, so we’ve written a new technical brief that explains how to map BeyondTrust privileged access management and vulnerability management solutions to HIPAA requirements to more easily demonstrate and maintain compliance.
Mapping BeyondTrust PowerBroker and Retina Solutions to HIPAA Requirements
For a quick view of how BeyondTrust solutions map into these requirements, see the summary highlights table below.
HIPAA Standard | Ref. | BeyondTrust Platform | Retina Vulnerability Management | PowerBroker for Unix & Linux | PowerBroker for Windows & Mac | PowerBroker Identity Services | PowerBroker Password Safe
Security Management Process | 164.308(a)(1)
Workforce Security | 164.308(a)(3)
Information Access Management | 164.308(a)(4)
Security Awareness and Training | 164.308(a)(5)
Contingency Plans | 164.308(a)(7)
Evaluation | 164.308(a)(8)
Business Associate Contracts and Other Arrangements | 164.308(b)(1)
Access Control | 164.312(a)(1)
Audit Controls | 164.312(b)
Integrity | 164.312(c)(1)
Person or Entity Authentication | 164.312(d)
Transmission Security | 164.312(e)(1)
What to do Next
Download the full HIPAA guide for a detailed requirement-by-requirement mapping of BeyondTrust PAM and VM solutions into HIPAA requirements. Remember: There is no magic bullet for achieving HIPAA compliance and no one vendor that can make you compliant with HIPAA. Look for solutions that help you simplify it; BeyondTrust can help. Contact us today for a strategy session on your current HIPAA compliance efforts.