Compliance Solutions

How IS Decisions can help you address HIPAA compliance to keep patient data safe

Because of the sensitive nature of patient data, HIPAA requires healthcare organisations to enforce data access strictly on a need-to-know basis. If an employee doesn’t need access to certain networks or files to do their job, the organisation should deny access to those networks or files.

To restrict access to data effectively, organisations need to know the identity of everybody on the network at any one time, as well as details like the location they’re logging in from, the time activity occurs and what device they’re using to build up a profile of each employee. Login sharing, for instance, is inherently non-compliant because it makes identifying users difficult, but it’s still a practice that happens frequently because employees often place convenience over security.

UserLock and FileAudit by IS Decisions can form part of your compliance strategy by helping you mitigate against unauthorized network and file access. Ultimately, the software helps you to control system access, identify employees on the network, respond to suspicious activity quickly, and better protect patient data.

Become HIPAA compliant with IS Decisions solutions

Hipaa Compliance Logo

Here is a helpful checklist of ways in which UserLock and FileAudit can help you address user security. The list is by no means exhaustive, but will help you on your way to becoming HIPAA compliant.

Access Control

« Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights. »


Do you give all users unique login credentials?

Ensures that nobody can log on to the system without uniquely identifiable credentials.


Do you restrict users from sharing logins?

Prevents concurrent logins with the same set of user credentials — helping to eradicate dangerous password sharing practices.


Can you attribute actions on the network to individual users?

Helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.


Do you restrict network access on a job-role basis?

Enables the administrator to set granular access rights to different types of employees to ensure that they can only access the information they need to do their job.


Do you review network access for employees who change roles in the organisation?

Enables administrators to easily change access rights (permanently or temporarily) for individual users, groups of users, or organisational units.


Person or Entity Authentication

« Implement procedures to verify that a person or entity seeking access to electronic protected health information [PHI] is the one claimed. »


Do you enforce the secure use of passwords and verify a person is the one claimed?

Strengthens unique network login credentials with context-aware access restrictions and user reminders, which help verify that a person seeking access to the network and the information within is genuinely who they say they are.


Do you monitor access to the network?

Monitors all logon and logoff activity in real time to ensure that the only people who can access vital data are the people who need to. UserLock alerts administrators to any suspicious, disruptive or unusual logins based on time, location and device.


Integrity

Mechanism to authenticate electronic protected health information.
« Implement electronic mechanisms to corroborate that electronic [PHI] has not been altered or destroyed in an unauthorized manner. »


Do you monitor specific actions on files or folders, like copying, moving and deleting?

Monitors all files and folders in real time on your network and records all actions that users take when making modifications. It verifies that users have not altered or destroyed patient information in an unauthorised manner.


Audit controls

« Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. »


Do you conduct regular security audits or reports?

Records and audits all network logon events, across all session types, from a central system.

Audits all access and changes to files and folders, and immediately alerts administrators to suspicious behaviour.


Find out more for yourself with our FREE 30Day Fully Functional Trials