HIPAA: Protecting Healthcare Data

The global healthcare industry is experiencing a new surge of technology adoption. Healthcare payers, providers, and others are increasingly relying on HIPAA - coupled with changes to this critical healthcare law mandated by the HITECH Act and other pending regulations - to improve healthcare data standards, ensure greater interoperability between healthcare payers and providers, and provide consumers with extensive visibility into how their personal healthcare data is used.

But while improved transparency and healthcare service quality are important goals, healthcare faces new challenges as well. As debate over healthcare technology heats up, the need to implement effective controls to protect sensitive data becomes even more critical. Even organizations that have maintained HIPAA standards for many years are evaluating their level of compliance with this regulation again, in light of recent significant audits that have preceded multi-million dollar sanctions against well-known healthcare payers and providers Healthcare organizations affected by HIPAA face significant challenges, including:

  Unique Risks and Threats. In the healthcare industry it's no understatement to claim that a diagnosis or treatment based on inaccurate or missing data can be a life-or-death matter.

  Significant Audit Oversight. Continuous scrutiny means information security personnel must be able to quickly identify and report on the protection of healthcare data.

  Media Scrutiny. With today's mandatory data breach notification requirements, failure to properly protect data can result in a loss of reputation, money, and jobs.

So Much More than Log Data

HIPAA's information security standards require organizations to have visibility across a broad range of enterprise security information: system configurations, operating system and application logs, network flow data, vulnerability data, and even system performance metrics. Many organizations think that security information and event management (SIEM) or simple log management software is enough to meet HIPAA security reporting requirements, but it's not: in fact, SIEM and/or log management only address a small piece of the HIPAA puzzle, because these solutions are limited primarily to log and event data - only one of many types of security data required for comprehensive HIPAA security compliance. Other organizations may have multiple security point solutions to address a broader set of HIPAA requirements, but have no method to bring together data from these many different products into a single platform - an approach that leaves security and compliance personnel blind to the big picture of security and compliance across the enterprise.

HIPAAVue: Comprehensive HIPAA Compliance Auditing

HIPAAVue from eIQnetworks is a turnkey package that provides comprehensive information security management and HIPAA security compliance reporting from a single console. Using an integrated data model, HIPAAVue goes beyond traditional SIEM products, log management tools, and other security point solutions by providing users with the ability to:

  Collect, correlate, archive, analyze and report on all information required by HIPAA security standards: log, event, vulnerability, configuration, asset, performance and network flow data

  Instantly access a library of over 150 custom reports mapped directly to relevant portions of the latest HIPAA security standards rule

  Measure overall HIPAA security compliance to identify the why, when, where and how of violations and provide the information required for remediation.

HIPAAVue from eIQnetworks brings together all of the information security data from across your enterprise into a ''single pane of glass', for complete visibility into HIPAA security compliance and operations. HIPAAVue enables users to gain enterprise-wide analysis of all security data related to the HIPAA security standard, including asset and configuration data, logs and events, system vulnerabilities, network flows, and system performance. From comprehensive HIPAA security reporting, to hands-on security operations, HIPAAVue provides organizations with the most comprehensive HIPAA security compliance solution available in a single platform.

Standards Supported

HIPAA Security Rule (45 CFR Parts 160, 162 and 164; Final Rule)

Management Console

Web browser; certfied for use with Microsoft Internet Explorer and Mozilla FireFox

Data Sources

Logs: syslog; Windows Event Log API; ftp; NFS; CIFS; ODBC

Asset and Configuration data: WMI; ADSI; LSA; ssh; telnet; CPMI; LEA; SDEE; RDEP

Network flow data: NetFlow; C-Flow; J-Flow; S-Flow

Performance data: SNMP MIBs and traps, v1, v2, and v3

Native support for over 500 devices, operating systems, applications, and databases

Universal Parser for GUI-based integration of new and legacy data sources

Operating System

Windows Server 2003 R2 64-bit

CPUs

(2) Intel Xeon® Quad-Core

RAM

8GB DDR2

Storage

(4) 30GB SATA, 1.2TB on-board storage

Supports any attached file system for storage expansion, including SAN, NAS, and non-disk media

Network Interfaces

(2) 10/100/1000 Gigabit Ethernet

Chassis

2U

Dimensions

29.31'D x 17.5'W x 3.4'H

Power Supply

Dual Redundant, Auto-Sensing

HIPAAVue Database

Proprietary, high-performance flat-file

Data Compression

Up to 80:1

Authentication and Encryption

AES-192 cipher for data at rest and in transit

Local and Active Directory-based user authentication

Devices Supported

Up to 750 (license limited)

Maximum Sustained Throughput

10,000 events per second (EPS)

Certifications

NIST FIPS-140-2

NIAP Common Criteria EAL 2; in-process for EAL 4+

HIPAAVue

HIPAA Solution Brief

HIPAA Compliance Reporting

HIPAA Operational Security

SecureVue and the HITRUST Alliance

Support | Blog | Contact Us | Request a Quote

  

Products

Overview

SecureVue

PCIVue

NERCVue

HIPAAVue

 

HIPAAVue: Comprehensive HIPAA Compliance Auditing

HIPAAVue is a turnkey package that provides comprehensive information security management and HIPAA security compliance reporting from a single console. Using an integrated data model, HIPAAVue goes beyond traditional SIEM products, log management tools, and other security point solutions by providing users with the ability to:

  Collect, correlate, archive, analyze and report on all information required by HIPAA security standards: log, event, vulnerability, configuration, asset, performance and network flow data

  Instantly access a library of over 150 custom reports mapped directly to relevant portions of the latest HIPAA security standards rule

  Measure overall HIPAA security compliance to identify the why, when, where and how of violations and provide the information required for remediation.

 

Whitepaper

Compliance for Everyone: Implementing a Security Framework Approach to Address Compliance Mandates

Solution Briefs

 HIPAAVue Product Data Sheet

 HIPAAVue Compliance Reporting

 HIPAAVue Operational Security

© 2010 Copyright eIQnetworks, Inc. | All Rights Reserved Search | Site Map | Contact Us |