Regulations & Compliance
HIPAA (Health Insurance Portability and Accountability Act)
http://www.hipaa.org/

Description

The Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) requires the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data. Adopting these standards will improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in healthcare.

HIPAA defines two primary areas of security requirements: Privacy Standards (effective immediately) and Safeguard Standards (effective in 2005 for smaller companies). It applies to any company or institution that collects or maintains identifiable health information.

Privacy Standards protect all "individually identifiable health information" and limit the circumstances in which that information may be used or disclosed. These standards allow some measure of flexibility to implement solutions appropriate to your company's environment; however, the following standards are required:

  • Implement written privacy policies and procedures
  • Designate a privacy official
  • Train workforce members (paid and voluntary) on privacy policies
  • Mitigate, to every extent practicable, any harmful effect
  • Maintain appropriate administrative and technical safeguards
  • Implement procedures for complaints about compliance
  • Maintain records for at least 6 years

Audit Body

Civil code Federal Government Regulation


Industry Affected

All healthcare institutions, including all health care providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers, as well as life insurers, information system vendors, various service organizations, and universities.


Distributed Taps & HIPAA Compliance

VSS monitoring offers health institutions a real-time view into the network, which allows them to identify risks, vulnerabilities and threats; determine their business impact; and take the most precise, appropriate action to defend the network. This is exactly what is required to address HIPAA security regulations:

    1. General Security Standards
    VSS helps to create the general standards to protect electronic health information through comprehensive vulnerability assessment and management, and through intrusion prevention and forensics capabilities in combination with other security tools.

    2. Administrative Safeguards
    Including Security Management Process and Incident Response: This section includes the implementation of features consisting of risk analysis, which can be performed using IDSes and forensics tools that view the traffic collected by VSS taps. Such network monitoring lets you determine priority and appropriate responses for threats and incidents, giving you the control to manage risk in critical areas while minimizing the effect of benign activities.

    3. Technical Safeguards
    Including policies, procedures, and technologies as security measures: VSS taps, in combination with network monitoring, IDS and forensics tools, help companies comply with the specifics of this section regarding the implementation and usage of security technologies for access control, audit control, and preventing improper alteration or destruction of data.
