Here is a helpful checklist of ways in which UserLock and FileAudit can help you address user security. The list is by no means exhaustive, but will help you on your way to becoming HIPAA compliant.
Access Control
"Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights."
Do you give all users unique login credentials?
Ensures that nobody can log on to the system without uniquely identifiable credentials.
Do you restrict users from sharing logins?
Prevents concurrent logins with the same set of user credentials — helping to eradicate dangerous password sharing practices.
Can you attribute actions on the network to individual users?
Helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.
Do you restrict network access on a job-role basis?
Enables the administrator to set granular access rights for different types of employees, so that they can access only the information they need to do their job.
Do you review network access for employees who change roles in the organisation?
Enables administrators to easily change access rights (permanently or temporarily) for individual users, groups of users, or organisational units.
Person or Entity Authentication
"Implement procedures to verify that a person or entity seeking access to electronic protected health information [PHI] is the one claimed."
Integrity
Mechanism to authenticate electronic protected health information.
"Implement electronic mechanisms to corroborate that electronic [PHI] has not been altered or destroyed in an unauthorized manner."
Audit Controls
"Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information."