Enacted by the United States Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) includes provisions that protect health insurance coverage for workers and their families when they change or lose their jobs, and that require the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers. Along with HITECH and HITRUST, HIPAA has become a de facto standard for protecting the privacy and security of individually identifiable health information in the healthcare industry.
The Security Rule within HIPAA deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical.
Because these technologies are fundamental to achieving compliance, this technical brief explains how to map BeyondTrust privileged access management and vulnerability management solutions to HIPAA requirements, making it easier to demonstrate and maintain compliance.