Protecting Health Information

The Health Insurance Portability and Accountability Act (HIPAA) discusses certain safeguards that covered entities should implement to ensure the confidentiality, integrity, and availability of protected health information (PHI).

The HIPAA Security Rule contains five technical safeguards that concern electronic protected health information (EPHI). The Act is silent on specific methods and technologies to implement in order to be HIPAA compliant, which leaves many covered entities unsure of how to proceed.

How CimTrak Helps With HIPAA Compliance

Automated System Hardening 

Non-compliant areas are continuously monitored to eliminate drift. CIS and DISA STIG configuration hardening ensures secure configurations.

Closed-Loop Change Control & Continuous Monitoring 

Real-time file integrity monitoring (FIM) monitors critical configurations to ensure a HIPAA-compliant state.

Complete Perimeter Protection

Eliminate and reduce entry points that can be exploited. Don’t let unauthorized access occur with your routers, firewalls, and network devices.

HIPAA Integrity Controls

Through its advanced continuous configuration monitoring, CimTrak helps with the HIPAA compliance process and helps meet several integrity controls under HIPAA, including:

  • §164.306(a)(1)
    • General Requirements
  • §164.308(a)(1)(i)
    • Security Management Process
  • §164.308(a)(1)(ii)(B)
    • Security Management Process – Risk Management
  • §164.308(a)(1)(ii)(D)
    • Security Management Process – Information System Activity Review
  • §164.308(a)(5)(ii)(B)
    • Security Awareness, Training, and Tools – Protection from Malicious Software
  • §164.308(a)(6)(ii)
    • Security Incident Procedures – Response and Reporting
  • §164.308(a)(7)(ii)(B)
    • Contingency Plan – Disaster Recovery Plan
  • §164.312(a)(1)
    • Access Control
  • §164.312(b)
    • Audit Controls
  • §164.312(c)(1)
    • Integrity
  • §164.312(c)(2)
    • Integrity – Mechanism to Authenticate ePHI
  • §164.312(e)(2)(i)
    • Transmission Security – Integrity Controls

The U.S. Department of Health and Human Services does offer guidance on how to comply with each of the standards. NIST Special Publication 800-66 is also helpful, especially for governmental agencies that must comply with HIPAA. The purpose of the standards is simple, however: restrict protected health information to those who need to know it, and ensure the integrity of that information.



Achieve Continuous HIPAA Compliance

After initially achieving HIPAA compliance, how do you continuously maintain that compliance? CimTrak not only helps you gain compliance with several HIPAA Technical Safeguards but also ensures you stay that way. As an added benefit, CimTrak protects your other business-critical applications, manages critical configurations, and keeps your information secure.


Improve Cyber Resiliency and Cyber Hygiene

CimTrak’s cutting-edge remediation capabilities allow you to detect and respond to changes instantly, without any human intervention. This ensures that your critical applications and information stay in a constant state of integrity, and most importantly, your business stays running.

CimTrak’s ability to provide an audit trail of all system changes as well as provide detailed forensic data on those changes allows you to closely monitor your critical systems and easily produce audit documentation.



Meet Your HIPAA Security and Compliance Requirements

Learn how to secure your environment and stay compliant with CimTrak.