HIPAA Solutions
The Standard
The Health Insurance Portability and Accountability Act (HIPAA) was passed into law in August 1996, placing new requirements on
thousands of U.S. organizations involved with the provision of health care. Its two principal aims are: (1) to increase availability
of healthcare by standardizing the exchange of healthcare information and (2) to protect the confidentiality and security of patient records.
Organizations that must comply with HIPAA are known as Covered Entities. These include health plans (e.g. HMOs, group health plans),
health care clearinghouses (e.g. billing and repricing companies) and health care providers (e.g. doctors, dentists, hospitals).
The HIPAA Privacy Rule came into effect in April 2001, requiring Covered Entities to come into compliance by April 2003, and formalized
procedural restrictions on the handling of health care information.
The Challenge
HIPAA’s effect on IT is that an organization must secure all information related to an individual’s healthcare, referred to as
electronic protected health information (EPHI), regardless of the location of the data. This means that to be HIPAA compliant, organizations
must take steps to prevent inappropriate access to EPHI by putting into place both proactive and reactive controls over IT systems.
The Solution
ScriptLogic solutions can assist in bringing every aspect of a healthcare organization’s Windows network into compliance in the areas of
Active Directory, server and desktop security. The following actions can be performed with ScriptLogic solutions to meet HIPAA control
requirements:
Ensure Proper Permissions in Active Directory – Active Administrator generates
reports on AD permissions, which can be used to identify inappropriate permissions. Permissions can be delegated with self-healing Active
Templates, making assignment of permissions specific, consistent and enforced.
Manage Group Policies to Secure Users and Desktops – Active Administrator
harnesses the power of Group Policies by incorporating an Offline Repository to make modifications, along with an enhanced
RSoP to determine the effect of Group Policies.
Manage Server Security – Inspect, manage and report on NTFS permissions with Security Explorer,
dramatically reducing the amount of time required to secure an organization’s data. Report and document the security settings in AD, NTFS, server
registries, and shares with Enterprise Security Reporter. Manage service settings
to easily identify and rectify insecure service accounts with Security Explorer.
Manage Desktop Security – Establish automatic locks and logoffs due to workstation inactivity, as well as provide security reminders and
prompts with Desktop Authority.
Audit Changes in Active Directory – Audit, report and notify on any change in AD, such as password resets, group membership changes or
Group Policy management with Active Administrator.
Backup and Restore Security – Protect your NTFS security with Security Explorer
and AD permissions with Active Administrator.
Comprehensive Windows Security Reporting – Enterprise Security
Reporter gives insight into the security settings on NTFS, Shares, and Registries, while
Active Administrator details the security settings in AD. Additionally,
Security Explorer can be used to provide reporting on just NTFS permissions.
Each of these tools can be used to provide consistent and timely reporting covering critical security areas.
Audit File System Activity – Centrally monitor, report and alert on all file system activity
with File System Auditor.