Staying Healthy: 10 Hot HIPAA Compliance Products

HIPAA Compliance: Here's To Your Health

With personal health care data at a premium, cyber criminals are honing their skills to launch sophisticated malware and social engineering attacks designed to fool even the most savvy security professional. As such, security experts maintain that attacks exposing health care data, such as the recent data breach at Stanford Hospital, will likely be more common. And unlike credit card data, the exposure of personal health information could lead to extortion and other attacks used against a victim’s life.

Subsequently, compliance mandates such as the federal HIPAA and the HITECH Act have imposed increasingly stringent requirements on organizations processing health care data. The revamped compliance mandates incorporate additional regulations applied to a wider swath of users while imposing stiffer financial penalties for noncompliance.

Here are a few compliance tools that can give health care security professionals additional peace of mind.

Compliancy Group's The Guard

Designed by auditors and privacy/security officers, the Compliancy Group's The Guard is an easy-to-use and easy-to-understand compliance tool for any covered entity. Altogether, the tool comes equipped with patient and business associate management, an auditing wizard, gap management, remediation planning, incident tracking, training manager, document version control and employee policy/procedure manager.

The Guard provides the end user with a simple-to-use menu system, enabling them to access any portion of the product with ease, while covering the entire compliance spectrum with minimal cost of entry. The Guard also offers a 'quick menu' for the most widely used functions in the system.

In addition, the compliance tool radically simplifies account management, while still offering all of the functionality required to stay compliant.

eGestalt SecureGRC

SecureGRC is a cloud-based automated IT Security and Compliance management solution for all enterprises, including small and medium businesses. SecureGRC includes all security and IT-GRC functions required to be compliant with an easy-to-adopt compliance management framework incorporating leading-edge context-based inference engines, advanced alert processing and easy-to-use logging and monitoring capabilities.

Altogether the product includes:

Fortinet FortiWeb 4.0 MR3

As an integrated WAF and Web vulnerability scanner, FortiWeb 4.0 MR3 is ideal for organizations subject to Payment Card Industry Data Security Standards (PCI-DSS) 6.6, data breach notification requirements such as California State Assembly Bill 1386 or HIPAA compliance. For customers in need of assistance in protecting critical Web applications from attacks such as SQL Injection and Cross-Site Scripting, FortiWeb appliances leverage the built-in Web vulnerability scanner to proactively identify and guard against potential data loss from Open Web Application Security Program (OWASP) Top 10 attack profiles. In addition, as part of this release, FortiWeb 4.0 MR3 features advanced data compression capabilities to improve bandwidth utilization and user response times, as well as the overall performance of application delivery.

FortiWeb 4.0 MR3 features a wide range of new capabilities that span security and configuration, logging and reporting and ease-of-use, including:

Ipswitch WhatsUp Log Management v10

Regulatory compliance is an important consideration for any modern business. However, many find the need to retain and report on Event Log and Syslog activity overwhelming. WhatsUp Log Management v10 provides over one hundred pre-packaged reports organized according to government and industry regulations so IT managers can quickly select the reports necessary for their individual business need. These reports are then compressed and delivered to secure directories in accordance with FIPS 140-2 cryptographic standards to prevent unauthorized viewing.

Features include:

IBM Tivoli Security Information and Event Manager and HIPAA Module

Health care organizations have plenty to worry about when it comes to confidential data loss and intrusion as they face increasing pressure to maintain the privacy and security of electronic protected health information (ePHI). Because the Centers for Medicare and Medicaid Services (CMS) have auditors who can enforce Health Insurance Portability and Accountability Act (HIPAA) guidelines, noncompliant organizations face the threat of increased penalties.

IBM Tivoli Security Information and Event Manager and its HIPAA module address these challenges with an automated solution that monitors and reports on user access and activity across the enterprise.

Highlights include the ability to:

Lieberman Enterprise Random Password Manager

Enterprise Random Password Manager (ERPM) from Lieberman Software helps lower the cost of compliance with HIPAA by quickly detecting, securing, and controlling access to shared, administrator, and other privileged account passwords throughout the IT infrastructure. ERPM also creates authoritative auditing and compliance reports that identify historical access by user and account and prove that access to sensitive data is limited only to those with 'need to know.'

Palisade Systems

PacketSure DLP is a comprehensive data loss prevention (DLP) solution that safeguards the enterprise network while also quickly and cost-effectively meeting compliance requirements for PII/PHI for HIPAA/HITECH, GLB, SOX and PCI DSS. With PacketSure DLP, organizations are now able to guard and monitor the perimeter of their networks for data leaks, while also protecting themselves from data leaks at the endpoint, preventing their confidential information from being copied to CDs, DVDs, and USB drives or over FireWire. PacketSure is available through Managed Service Providers and can be installed as an appliance, as a virtual appliance, or as Software-as-a-Service (SaaS). In addition, Palisade is providing the core functionality of PacketSure Basic DLP free to the first 500 businesses, to finally put to rest the misconception that DLP is costly and difficult to manage.

Symantec Control Compliance Suite

Today, the complexity of ensuring compliance and strong IT governance in a healthcare organization is increased by the variety of security issues that must be monitored and the need to comply with multiple external mandates, including HIPAA, state privacy laws, and the PCI-DSS standards for processing credit card payments. Recent research indicates that companies investing in point products for each compliance mandate they face will spend significantly more on IT compliance than those that implement a solution suite to manage multiple mandates. Healthcare organizations also need to keep up with changes in these industry regulations, updating their policies and control statements accordingly.

Symantec Control Compliance Suite helps healthcare organizations prepare for compliance audits by offering a holistic approach to IT risk and compliance. The solution allows organizations to:

Trend Micro Worry Free/Endpoint Encryption/Deep Security/Threat Management

Trend Micro has a series of solutions to tackle the most difficult issues in the healthcare world when it comes to protecting data. For physical endpoints, Trend Micro Worry Free and Trend Micro Endpoint Encryption secure information from theft and loss with robust anti-virus and encryption. For virtual servers and VDI, Trend Micro Deep Security can detect and prevent unauthorized access to virtual devices. Trend Micro Threat Management services can handle the myriad of medical devices that contain embedded operating systems, finding affected machines and shutting them down before further damage is done. Whether it is physical, virtual or embedded, Trend Micro has a solution that can assist with meeting data protection requirements for HIPAA/HITECH.

Tripwire Enterprise 8.0

Tripwire’s configuration control and file integrity monitoring solution offers comprehensive compliance policy management that protects critical infrastructure, detects changes in real time and corrects non-compliant configurations. Tripwire Enterprise 8.0 allows organizations to cost-effectively bring IT systems into compliance with internal policy and regulatory mandates such as HIPAA, by incorporating best practices for high-integrity systems management.

Tripwire Enterprise 8.0 helps meet the requirements of HIPAA by reducing the time spent resolving issues caused by poor network and data security practices, while enhancing the data security of electronic personal health information (ePHI). Tripwire delivers a comprehensive solution by: