logo
SOLUTIONS
      

Compliance - HIPAA

Health Insurance Portability and Accountability (HIPAA)

The Health Insurance Portability and Accountability (HIPAA) regulation impacts health care organizations that exchange and store patient information. The HiTech Act of 2009 extended these regulations to include companies that work for health care organizations such as law firms and accounting firms.

HIPAA regulations were established to protect the integrity of patient information and compliance is intended to secure health information against unauthorized use, theft or disclosure of the information. As part of the requirements, HIPAA states that a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”. Further an organization must be able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive patient information.

Sample Pre-defined HIPAA Audit-ready Reports:

  • User Logon report - HIPAA requirements (164.308 (a) (5) - log-in/log-out monitoring) state that user accesses to the system be recorded and monitored for possible abuse.
  • User Logoff report - HIPAA requirements clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.
  • Logon Failure report - The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.
  • Audit Logs access report - HIPAA requirements (164.308 (a) (3) - review and audit access logs) calls for procedures to regularly review records of information system activity such as audit logs.