HIPAA

The Health Information Portability and Accountability Act provides for the security and privacy of patient records. Beginning with its enactment in 1998, and up to and including the HIPAA Security Rule (full compliance required by April 21, 2005), the HIPAA federal law has required comprehensive measures taken by all organizations handling Protected Health Information (PHI) to ensure the integrity, security and confidentiality of health care information. Health care information can be a life-or-death matter, and Congress demonstrated the importance of confidential health information by writing into HIPAA punishments for non-compliance that include up to $250,000 in fines and jail time of up to 10 years.

The HIPAA Privacy Rule applies to Protected Health Information (PHI) in all forms (oral, written, and electronic) and addresses the use and disclosure of an individual’s health information. HIPAA provides for the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI):

Confidentiality is the assurance that ePHI data is shared only among authorized persons or organizations.
Integrity is the assurance that ePHI data is not changed unless an alteration is known, required, documented, validated and authoritatively approved. Most important to HIPAA, data integrity ensures that we can rely on data in making medical decisions. It is an assurance that the information is authentic and complete, and that the information can be relied upon to be sufficiently accurate for its purpose.
Availability is the assurance that systems responsible for delivering, storing and processing critical ePHI data are accessible when needed, by those who need them under both routine and emergency circumstances.

Measurable and auditable security processes are required for compliance with HIPAA.

LogLogic’s unique capabilities to collect, alert on, analyze, store, and archive log data is an essential tool for ensuring HIPAA compliance.

LogLogic Solutions Provide Visibility and Control Over Key HIPAA Compliance Issues:

Alignment of log data collection, reporting, alerting and storage; and, your IT control and risk matrix
Undesired access to financial and confidential records
Rapid remediation of threats
Malicious content that may alter, damage or contribute to theft of sensitive information
Rate-based attacks that can reduce or impede the availability of critical resources and information
Proper auditing, monitoring, logging, and reporting of security events for rapid identification and response to a material event
Forensic analysis of suspicious or material events
Detailed archiving of network logs in legally acceptable and easily managed form

Key Resources

More Resources

LogLogic & Compliance

Read more in how log management and intelligence have become best practices in meeting compliance requirements.

LogLogic Live!

Join our weekly webcast featuring a live product demo and Q&A.