Secure your organization’s network for HIPAA compliance.
New revisions to federal privacy and security regulations (the HIPAA Omnibus Final Rule) are now in place with full effect from September 23rd. They concern the necessary safeguards for protected health information and stem from changes made under the Health Information Technology for Economic and Clinical Health (HITECH) Act.
HITECH brings additional compliance standards to healthcare organizations for securing electronic health records (EHR).
Understanding HIPAA and Health Information Privacy
The HIPAA Privacy rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.
To help with the new revisions, the American Medical Association recently published a toolkit for organizations to understand and comply with the new rules.
Safeguarding all Patient Data
Any healthcare organization that stores, processes or transmits personal health information (PHI) is required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and safeguard all protected data.
HIPAA regulations do not mandate particular security technologies. They specify a set of principles that should guide an organization’s technology choice.
HIPAA Network Security
When it comes to securing a Microsoft Windows and Active Directory network, organizations should look to safeguard and secure their Windows infrastructure, beyond what’s available in native Windows security controls.
Specific but important gaps do exist in native Windows functionality that organizations across all sectors have to address.
- Microsoft Servers are vulnerable to attack through inappropriate user access.
- Windows does not prohibit concurrent logins or alert IT about inappropriate file access.
- Windows also does not provide monitoring or access and login intelligence to administrators.
How ISDecisions helps organizations meet HIPAA / HITECH requirements
ISDecisions provides network security software to solve these challenges. It helps prevent security breaches and ensure HIPAA compliance by protecting data and information contained within the network from authorized users (or those with whom they share their logins), and helps ensure that unauthorized access to a network is no longer a possibility.
1. UserLock provides visibility and control of all employee access to a network and the data contained within.
With UserLock you can set and enforce granular login restrictions that:
- Prevent concurrent logins to ensure that access to data is attributed to individual employees. Limiting concurrent logins helps stop users from sharing their passwords and stops rogue users from using valid credentials at the same time as their legitimate owner.
- Restrict user access to the network based on multiple criteria including workstation access and usage/connection time.
2. FileAudit protects all file servers in a Windows environment by monitoring, archiving and reporting on all access to files and folders.
With FileAudit you can:
- Identify all users accessing files or folders and the type of access, file ownership change or permission modification.
- Use real-time monitoring to quickly search, be alerted on, report and archive all file access events occurring on one or several Windows systems.
Best in class security around network and file access
Together, UserLock and FileAudit let you see the details of every user connecting to your network and the files or folders they are accessing.
By enabling organizations to enhance network security far beyond what native Windows functionality provides and by offering extensive reporting and auditing, UserLock and FileAudit help organizations ensure compliance with HIPAA regulatory audits.
What’s more, both UserLock and FileAudit are remarkably simple to install and easy to use.