The Health Insurance Portability and Accountability Act (HIPAA) discusses certain safeguards that covered entities should implement to ensure the confidentiality, integrity, and availability of protected health information (PHI).
The HIPAA Security Rule contains five technical safeguards that concern electronic protected health information (EPHI). The Act is silent on specific methods and technologies to implement in order to be HIPAA compliant, which leaves many covered entities unsure of how to proceed.
Through its advanced continuous configuration monitoring, CimTrak helps with the HIPAA compliance process and helps meet several integrity controls under HIPAA, including:
Security Management Process
Security Management Process – Risk Management
Security Management Process – Information System Activity Review
Security Awareness, Training, and Tools – Protection from Malicious Software
Security Incident Procedures – Response and Reporting
Contingency Plan – Disaster Recovery Plan
The U.S. Department of Health and Human Services does offer guidance on how to comply with each of the standards. NIST Special Publication 800-66 is also helpful, especially for governmental agencies that must comply with HIPAA. The purpose of the standards is simple, however: restrict protected health information to those who need to know it, and ensure the integrity of that information.