
COMPLIANCE SOLUTIONS
HIPAA, HITECH & HITRUST IT Security
Meet healthcare compliance requirements with privileged access management and vulnerability management solutions from BeyondTrust.
Simplifying HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has become a de facto standard for protecting the privacy and security of individually identifiable health information in the healthcare industry. Along with HITECH and HITRUST, the Security Rule within HIPAA deals specifically with Electronic Protected Health Information (EPHI). HIPAA lays out three types of security safeguards required for compliance: administrative, physical, and technical. As with any regulation, achieving and maintaining compliance can be a daunting, resource-draining, and expensive process. And, although no one vendor can help you achieve every part of HIPAA, BeyondTrust can help you simplify it as much as possible.
BeyondTrust PowerBroker Privileged Access Management and Retina Enterprise Vulnerability Management solutions help proactively eliminate data breaches from insider privilege abuse and external hacking attacks. With an integrated risk intelligence platform, BeyondTrust cybersecurity solutions reveal critical risks hidden within volumes of data to prevent breaches, maintain HIPAA compliance, and ensure business continuity.

HIPAA compliance checklist: with BeyondTrust, you can address 12 of 22 HIPAA requirements. Learn more in this tech brief.

The PowerBroker Privileged Access Management Platform consists of three powerful PAM solutions, backed by a common foundation of capabilities for asset discovery, compliance reporting and advanced threat and protection analytics.
Address 12 HIPAA Requirements with BeyondTrust Cybersecurity Solutions

Security Management Process: Ref. 164.308(a)(1)
BeyondTrust solutions manage, monitor and report on all privileged user activity, as required by the Information System Activity Review specification. This is backed by threat analytics capabilities that detect and alert you to security violations.

Workforce Security: Ref. 164.308(a)(3)
With our privilege management solutions, you can address the Authorization and/or Supervision specification with fine-grained, policy-based server access controls, plus the ability to define and enforce endpoint access rules.

Information Access Management: Ref. 164.308(a)(4)
Address specifications for Access Authorization and Access Establishment and Modification with our solutions for privilege management, password management, vulnerability management, and Active Directory bridging.

Security Awareness and Training: Ref. 164.308(a)(5)
BeyondTrust solutions support adherence to the specifications for Protection from Malicious Software, Password Management, and Log-in Monitoring with several capabilities. See Mapping BeyondTrust Solutions to HIPAA Requirements for full details.

Contingency Plans: Ref. 164.308(a)(7)
With PowerBroker for Unix & Linux, you can augment Data Backup Plan procedures by backing up all audit trails produced by this solution for server privilege management.

Evaluation: Ref. 164.308(a)(8)
Several BeyondTrust solutions support the Evaluation specification via in-depth reporting on security exposures identified by on-board Retina vulnerability management capabilities.

Access Control: Ref. 164.312(a)(1)
BeyondTrust helps you adhere to specifications for Unique User Identification, Emergency Access Procedure, Automatic Logoff, and Encryption and Decryption with our privilege management, password management and AD bridging solutions.

Integrity: Ref. 164.312(c)(1)
With PowerBroker for Windows, you can perform file integrity monitoring of directories and files on Windows servers and endpoints to support the Mechanism to Authenticate Electronic Protected Health Information specification.

Person or Entity Authentication: Ref. 164.312(d)
PowerBroker solutions enable you to eliminate shared accounts and can require users to re-authenticate prior to performing sensitive operations. BeyondTrust Retina supports this safeguard by detecting user accounts lacking passwords.

Transmission Security: Ref. 164.312(e)(1)
BeyondTrust solutions encrypt all related network traffic by default, thus encrypting any ePHI data in audit trails or other traffic associated with our software.