The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.1 To fulfill this requirement, HHS published what are commonly known as the HIPAA privacy rule and the HIPAA. The Privacy Rule, orStandards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
Axxera offers a full breadth of services to help healthcare organizations address HIPAA compliance Security Standards. We have extensive experience partnering with healthcare providers and we can help you improve your security and compliance posture while reducing costs. As described below, our Enterprise Security Services and Professional Services align directly with many components of the HIPAA Security Standards.
| Administrative HIPAA Compliancy | ||
| Standard | Summary of Requirements | Solutions |
| Security Management Process | Implement policies and procedures to prevent, detect, contain and correct security violations. | |
| Specifications include: | Axxera Security Consulting team aligned with HIPAA requirements can conduct the required Security Assessment (SA) and recommend appropriate security measures and controls. | |
| Security Assessment (SA) | Axxera Security Monitoring ( MSSP ) and SIEM On-Demand Services or SIEM Product which can be deployed at security concious customers site can facilitate the review of system activity such as logs and access reports (AR). Management and tracking of security incidents from identification to tickets closure is also provided via the Axxera Portal / Console | |
| Security / Risk Management / ITIL based activity Review | SIEM Product Managed Firewall Managed Intrusion Prevention and Detection Security Monitoring SIEM On-Demand |
|
| Workforce Security / Information Management | Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information (EPHI) and to prevent those workforce members who do not have access from obtaining access to electronic protected health information. | |
| Specifications include: | Axxera Consulting team can help you develop appropriate policies and procedures to secure EPHI. Axxera Secure consulting can also review existing access control policies and procedures to identify any flaws and recommend improvements in regards to security and HIPAA requirements | |
| Security Awareness and Training | Implement a security awareness and training program for all members of its workforce including management. | Axxera works with 3rd parties and provide onsite |
| Security Incident Procedures | Implement policies and procedures to address security incidents. | |
| Specifications include: | Axxera SIEM, Security Monitoring and SIM On-Demand Service identify and provide first line response to security incidents via Ticketing system. Which provide unlimited remote incident response support for MSSP services or train SOC to handle and address Security incidents, which are addressed via Console and viewed via Portal, incidents are associated with tickets and are fully documented from identification to closure for tracking and audit purposes. | |
| Response and reporting | Axxera Security Consulting can also help you develop HIPAA-compliant procedures for responding to incidents and reporting them. Axxera can also review your existing incident response procedures for compliance with HIPAA requirements and industry best practices via ITIL based Incident response system. | |
| Axxera CI SIEM Product ( Client site ) | ||
| Contingency Plan | Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence that damages systems that contain EPHI. | |
| Specifications include: | Axxera's Security Consulting can help you develop and review procedures for business continuity and disaster recovery in accordance with HIPAA requirements and industry best practices. | |
| Data backup plan | Security Consulting | |
| Disaster recovery plan | ||
| Emergency mode operation plan | ||
| Testing and revision procedures | ||
| Applications and data criticality analysis | ||
| On Going Evaluation | Perform a periodic technical and non-technical evaluation that establishes the extent to which an entity’s security policies and procedures meet the above administrative safeguard requirements. | Axxera Security Consulting team can perform periodic evaluations of your security policies and procedures to determine the extent to which they comply with HIPAA administrative safeguard requirements. |
| Security Consulting | ||
| Technical HIPPA Compliancy | ||
| Standard | Summary of Requirements | Solutions |
| Access Control | Implement technical policies and procedures for electronic information systems that maintain EPHI to allow access only to those persons or software programs that have been granted access rights. | |
| Specifications include: | Axxera SIEM Product, Security Monitoring and SIM On-Demand services can monitor the logs of information systems such as servers or applications that maintain EPHI to detect unauthorized access. | |
| User ID | Axxera Security Consulting team can help you develop appropriate technical policies and procedures to control the access of staff and applications to EPHI. We can also review your existing technical policies and procedures for access control to identify areas of weakness and make recommendations for improvement. | |
| Emergency access procedure | SIEM Product ( Customer Onsite ) | |
| Automatic logoff | ||
| Encryption and decryption | ||
| Audit Controls | Implement hardware, software and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI. | Axxera can manage and monitor access controls via ITIL based Ticketing / Incident Management system. Also can deploy the SIEM product and integrate with 3rd party security tools like (Anti-virus, Malware detection etc) |
| Axxera SIEM Product ( Customer onsite ) Security Monitoring, Log Retention and SIM On-Demand services facilitate the recording and examination of system activity such as logs and access reports. Axxera Hosted Intrusion Prevention/Detection services can be used to provide active response to critical systems. Management and tracking of security incidents from identification to full closure is also provided via the Axxera Ticketing System, Console ( SOC ) and Portal. | ||
| SIEM Product (Customer Onsite) Security Monitoring Log Retention SIEM On-Demand Host Intrusion Prevention (HIPS) Security Consulting |
||
| Transmission Security | Implement technical security mechanisms to guard against unauthorized access to EPHI that is being transmitted over an electronic communications network. | |
| Security measures to ensure that EPHI is not improperly modified; and | ||
| Mechanisms to encrypt EPHI | Once determined,Axxera can provide protection for EPHI in transit that includes Managed Firewall & VPN services, Encrypted Email services, and Security Monitoring services to provide assurance for data at rest. Management and reporting on transmission security is also provided via the Axxera CI Ticketing system, Console, Portal. | |
| The appropriate control should be determined through a risk analysis to ensure that EPHI is protected in a manner commensurate with the associated risk when it is transmitted from one place to another. | Email Encryption SIEM Product ( Customer Onsite ) |
|
Axxera is uniquely positioned to safeguard the electronic presence of today's corporations. Our founders pioneered the security industry by designing and building security infrastructure worldwide.
Copyright © All rights reserved. Axxera Inc.