Simplifying HIPAA Compliance with Privileged Access Management and Vulnerability Management

Scott Lang, April 4th, 2017

HIPAA Compliance

For healthcare-related organizations, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become a de facto standard for protecting the privacy and security of individually identifiable health information in the healthcare industry. Along with HITECH and HITRUST, the Security Rule within HIPAA forms a triumvirate of regulations dealing specifically with Electronic Protected Health Information (EPHI). HIPAA lays out three types of security safeguards required for compliance: administrative, physical, and technical. As with any regulation, achieving and maintaining compliance can be a daunting, resource-draining, and expensive process. And although no one vendor can help you achieve every part of HIPAA, we sought to help you simplify it as much as possible.

In this blog I will briefly review the compliance challenges and then map BeyondTrust privileged access management and vulnerability management solutions into HIPAA.


Fines and Penalties: Compliance is Mandatory

With civil penalties ranging from $100 per incident to $1.5 million per year, the cost of violating provisions of HIPAA can be crippling to a healthcare organization.

Complexity, Time, and Resource Constraints: HIPAA Compliance can Distract from Core Operations

Applying, maintaining, and proving administrative, physical, and technical safeguards for electronic protected health information can quickly become a significant resource drain on even the most well-resourced IT organizations. Therefore, solutions are needed to help IT organizations quickly prove and maintain compliance with the Security Rule.

How Privileged Access Management and Vulnerability Management can Help

Because privileged access management and vulnerability management can serve as fundamental technologies for achieving compliance with HIPAA, we’ve written a new technical brief that explains how to map BeyondTrust solutions in both areas to HIPAA requirements, so that you can more easily demonstrate and maintain compliance.

Mapping BeyondTrust PowerBroker and Retina Solutions to HIPAA Requirements

For a quick view of how BeyondTrust solutions map into these requirements, see the summary highlights table below.

HIPAA STANDARD REF. | BeyondTrust Platform | Retina Vulnerability Management | PowerBroker for Unix & Linux | PowerBroker for Windows & Mac | PowerBroker Identity Services | PowerBroker Password Safe
Security Management Process 164.308(a)(1)
Workforce Security 164.308(a)(3)
Information Access Management 164.308(a)(4)
Security Awareness and Training 164.308(a)(5)
Contingency Plans 164.308(a)(7)
Evaluation 164.308(a)(8)
Business Associate Contracts and Other Arrangements 164.308(b)(1)
Access Control 164.312(a)(1)
Audit Controls 164.312(b)
Integrity 164.312(c)(1)
Person or Entity Authentication 164.312(d)
Transmission Security 164.312(e)(1)

What to do Next

Download the full HIPAA guide for a detailed requirement-by-requirement mapping of BeyondTrust PAM and VM solutions into HIPAA requirements. Remember: There is no magic bullet for achieving HIPAA compliance and no one vendor that can make you compliant with HIPAA. Look for solutions that help you simplify it; BeyondTrust can help. Contact us today for a strategy session on your current HIPAA compliance efforts.