HIPAA Requirements

 

 

HIPAA has specific requirements that can be provided by InterSOC™ ESM:

Section 164.308(a)(1)(ii)(B)
Has the risk management process been completed in accordance with NIST guidelines?

Section 164.308(a)(1)(ii)(D)
Have you implemented procedures to regularly review records of IS activity such as audit logs, access reports, and security incident tracking?

Section 164.308(a)(5)(ii)(B)
Do you have policies and procedures for guarding against, detecting, and reporting malicious software?

Section 164.308(a)(5)(ii)(C)
Do you have procedures for monitoring log-in attempts and reporting discrepancies?

Section 164.308(a)(6)(i)
Security incident procedures: Implement policies and procedures to address security incidents.

Section 164.308(a)(6)(ii)
Do you have procedures to identify and respond to suspected or known security incidents; to mitigate them to the extent practicable, measure harmful effects of known security incidents; and document incidents and their outcomes?

Section 164.312
Technical Safeguards: contains provisions extracted from two sections of the proposed rule, Technical Security Services and Technical Security Mechanisms.

Section 164.312(b)
Have you implemented audit controls, hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI?

How InterSOC helps with HIPAA compliance:

InterSOC helps healthcare organizations by automating the collection, reporting, and analysis of security data. Distributed InterSOC ET data collectors encrypt and compress the event data, saving crucial network bandwidth. Our patent-pending data analysis signatures analyze the data quickly and accurately, and incidents are managed throughout the solution.

InterSOC helps healthcare organizations resolve the bulk data issue, so the security team can focus its efforts on managing the risk to the organization instead of sifting through enormous amounts of data.

Healthcare organizations are faced with HIPAA regulations that mandate the confidentiality and integrity of patient and customer data. Protection of this information is required from both an internal and external perspective. Healthcare organizations are commonly faced with a multitude of challenges including:

 

Diverse and oftentimes legacy operating systems

Typically highly distributed data

Sensitive information on many points of the network

Limited resources on the information security team

Bulk Data!!

Collect events from custom applications for greater visibility, which may include monitoring access to EPHI data.

 

Summary of the HIPAA Privacy Rule