COMPLIANCE SOLUTIONS

HIPAA

Meet HIPAA requirements with privileged access management and vulnerability management solutions from BeyondTrust.

Simplifying HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become a de facto standard for protecting the privacy and security of individually identifiable health information in the healthcare industry. Along with HITECH and HITRUST, the Security Rule within HIPAA deals specifically with Electronic Protected Health Information (EPHI). HIPAA lays out three types of security safeguards required for compliance: administrative, physical, and technical. As with any regulation, achieving and maintaining compliance can be a daunting, resource-draining, and expensive process. And, although no one vendor can help you achieve every part of HIPAA, BeyondTrust can help you simplify it as much as possible.

Address 11 HIPAA Requirements with BeyondTrust Cybersecurity Solutions

Security Management Process: Ref. 164.308(a)(1)

BeyondTrust solutions manage, monitor and report on all privileged user activity, as required by the Information System Activity Review specification. This is backed by threat analytics capabilities that detect and alert you to security violations.

Workforce Security: Ref. 164.308(a)(3)

With our privilege management solutions, you can address the Authorization and/or Supervision specification with fine-grained, policy-based server access controls, plus the ability to define and enforce endpoint access rules.

Information Access Management: Ref. 164.308(a)(4)

Address specifications for Access Authorization and Access Establishment and Modification with our solutions for privilege management, password management, vulnerability management, and Active Directory bridging.

Security Awareness and Training: Ref. 164.308(a)(5)

BeyondTrust solutions support adherence to the specifications for Protection from Malicious Software, Password Management, and Log-in Monitoring through several capabilities. See Mapping BeyondTrust Solutions to HIPAA Requirements for full details.

Contingency Plans: Ref. 164.308(a)(7)

With PowerBroker for Unix & Linux, you can augment Data Backup Plan procedures by backing up all audit trails produced by this solution for server privilege management.

Evaluation: Ref. 164.308(a)(8)

Several BeyondTrust solutions support the Evaluation specification via in-depth reporting on security exposures identified by on-board Retina vulnerability management capabilities.

Access Control: Ref. 164.312(a)(1)

BeyondTrust helps you adhere to specifications for Unique User Identification, Emergency Access Procedure, Automatic Logoff, and Encryption and Decryption with our privilege management, password management and AD bridging solutions.

Audit Controls: Ref. 164.312(b)

Our PowerBroker privilege management solutions for servers and endpoints enable you to audit all privileged user activity and search, review and report against all audit logs.

Integrity: Ref. 164.312(c)(1)

With PowerBroker for Windows, you can perform file integrity monitoring of directories and files on Windows servers and endpoints to support the Mechanism to Authenticate Electronic Protected Health Information specification.

Person or Entity Authentication: Ref. 164.312(d)

PowerBroker solutions enable you to eliminate shared accounts and can require users to re-authenticate prior to performing sensitive operations. BeyondTrust Retina supports this safeguard by detecting user accounts lacking passwords.

Transmission Security: Ref. 164.312(e)(1)

BeyondTrust solutions encrypt all related network traffic by default, thus encrypting any ePHI data in audit trails or other traffic associated with our software.