IS Decisions logo

IS Decisions Blog

HIPAA network security compliance for Windows Active Directory

Learn how to meet HIPAA network security compliance by securing network and file access in Windows Active Directory.

Published October 2, 2013
HIPAA network security compliance for Windows Active Directory

Federal privacy and security regulations, such as the HIPAA Omnibus Final Rule, concern the necessary safeguards for protected health information – and stem from changes made under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

HITECH brings additional compliance standards to healthcare organizations for securing electronic health records (EHR).

Understanding HIPAA and Health Information Privacy

The HIPAA Privacy rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.

Safeguarding all patient data

Any healthcare organization that either stores, processes or transmits personal health information (PHI) is therefore required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and safeguard all protected data.

HIPAA regulations do not mandate particular security technologies. They specify a set of principles that should guide an organization’s technology choice.

HIPAA Network Security

When it comes to securing a Microsoft Windows and Active Directory network, organizations should look to safeguard and secure their Windows infrastructure, beyond what’s available in native Windows security controls.

Specific but important gaps do exist in native Windows functionality that organizations across all sectors have to address.

How ISDecisions helps organizations meet HIPAA / HITECH requirements

ISDecisions provides network security software to solve these challenges. They help prevent security breaches and ensure HIPAA compliance by protecting data and information contained within the network from authorized users (or those with whom they share their logins) and helps towards ensuring unauthorized access to a network is no longer a possibility.

1. UserLock provides visibility and control of all employee access to a Network and the data contained within.

UserLock user sessions

With UserLock you can set and enforce granular login restrictions that:

  • Prevent concurrent logins to ensure that access to data is attributed to individual employees. Limiting concurrent logins helps stops users from sharing their passwords and stops rogue users from using valid credentials at the same time as their legitimate owner.

  • Restrict user access to the network based on multiple criteria including workstation access and usage/connection time.

2. FileAudit protects all file servers in a Windows environment by monitoring, archiving and reporting on all access to files and folders.

FileAudit

Get effective, easy-to-use network and file access security

Together UserLock and FileAudit can allow you to see the details of every user connecting to your network and the files or folders they are accessing.

By enabling organizations to enhance network security far beyond what native Windows functionality provides and by offering extensive reporting and auditing, organizations can rely on UserLock and FileAudit to help ensure compliance with HIPAA regulatory audits.

What’s more both UserLock and FileAudit are remarkably simple to install and easy to use.