Security Management Solutions
Security Management Solutions
Overview | Management | Board & Investors | Careers | Contact Us
Overview | NerveCenter | InfoCenter | ThreatCenter | LogCenter | InfoCenter on IBM BladeCenter
Overview | Compliance Solutions | Security Management Solutions | Network Management Solutions
Overview | Professional Services | Education & Training | Customer Support
Overview | Case Studies
Overview | Premier Partners | Strategic Partners | Technology Partners
Press Releases | Articles & News | Tradeshows & Exhibits
Security Management - Forensic Analysis & Incident Management

HIPAA Compliance


In order to achieve compliance with the Health Insurance Portability and Accountability Act (HIPAA), health care providers, health plans, and health care clearinghouses—as well as their business partners—must have the systems in place to capture and collect needed data for a number of reports required by the regulations.

What's Needed for Compliance
To meet HIPAA compliance requirements, companies must protect information from reasonably anticipated threats to security and integrity as well as the unauthorized use or disclosure of that information. They must also ensure that their workforce complies with the requirements and that confidentiality is maintained.

To achieve those objectives, the following information is required for reporting and retention purposes:

To address the HIPAA compliance requirements, companies must be able to address the following objectives:

  		• Access Control monitors attempts to access anything on a company’s systems including files, directories, database records, or applications.
  		• Configuration Control monitors the configuration, policies, and software installed on systems covered by a particular compliance regulation and all systems with access to the monitored system.
  		• Malicious Software Detection capabilities collect and report malicious activities caused by viruses or other malicious code.
  		• Policy Enforcement verifies that all users are complying with regulations to reduce the chance of accidental exposure of sensitive information to unauthorized users.
  		• User Monitoring and Management creates a complete audit of the activities of non-employees with access to private data and takes steps to minimize the risk from compromised accounts.
  		• Environment & Transmission Security involves the ongoing monitoring of the environment to ensure that security threats are detected and corrected as quickly as possible through proactive measures such as VA scans.
    To achieve and maintain compliance in those areas, companies must use the following product capabilities provided by the OpenService solution InfoCenter:  
  		• Collect data in a non-filtered fashion that is preserved in an efficient and protected manner using LogCenter, a component of InfoCenter.
  		• Efficiently generate the summary and detailed reports spanning the data-retention periods mandated by Sarbanes-Oxley using the reporting component of InfoCenter.
  		• Forensic Analysis of systems’ correct policies and system settings to provide a debug-level view of all changes and the effect they have on the environment using InfoCenter correlations.
  		• Establish Incident Management capabilities for close monitoring and correction of violations to make sure they are recorded, escalated, and corrected in a timely and through manner using the alert monitoring capabilities of InfoCenter.
      These functions ensure that the administrative, physical and technical control demanded by HIPAA regulations are maintained. OpenService solutions address all of the technical standards required.

     | Privacy Policy  | Copyright  | ©2002-2008 OpenService, Inc. All Rights Reserved