HIPAA Compliance
The goal of the Security Rule in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is to ensure the implementation of appropriate security safeguards to protect electronic health care information that may be at risk. nCircle Suite360 automates many of the previously manual tasks required for HIPAA compliance, greatly simplifying the compliance process.
nCircle Suite360 provides several capabilities to automate and simplify HIPAA compliance:
- Automated IT asset discovery and identification
- Comprehensive, agentless vulnerability assessment and configuration auditing
- Agentless policy compliance auditing
- System activity audit and review
nCircle Suite360 provides built-in HIPAA policies to automatically audit relevant systems for compliance, identifying any deviations.
Applying nCircle Solutions to HIPAA Security Rule Compliance
The chart below correlates the standards in the Administrative Safeguards section of the HIPAA Security Rule with appropriate nCircle solutions.
Standard | Section | Implementation Specifications | nCircle Solution |
---|---|---|---|
Security Management Process | 164.308(a)(1) | Risk Analysis; Risk Management; Sanction Policy; Information System Activity Review | nCircle’s agentless solutions, nCircle IP360™ and nCircle Configuration Compliance Manager™, conduct a thorough inventory of the network and comprehensively identify each device along with its operating system, applications, vulnerabilities and configuration. nCircle solutions deliver granular vulnerability and configuration scores. They also enable the customer to set host “Asset Values” to provide business context to the scores. Asset Values are provided by the customer and are integers (typically dollar values) that denote the value of a particular host in the environment. Representing the value of the asset is an important component of prioritization. Based on a combined risk metric derived from the asset and its vulnerability or configuration score, an administrator may choose to focus on correcting or improving a system's compliance posture. nCircle solutions are designed for continuous, agentless operation, providing a solid foundation to reduce risks and vulnerabilities to a reasonable level. nCircle solutions can also streamline review of system activity including audit logs, access reports, etc. |
Assigned Security Responsibility | 164.308(a)(2) | | While this standard is comprised of policies and procedures only, nCircle solutions provide continuous and consistent monitoring to ensure that the policies and procedures are enforced. |
Workforce Security | 164.308(a)(3) | Authorization and/or Supervision; Workforce Clearance Procedure; Termination Procedures | While this standard is comprised of policies and procedures only, nCircle solutions provide continuous and consistent monitoring to ensure that the policies and procedures are enforced. |
Security Awareness & Training | 164.308(a)(5) | Security Reminders; Protection from Malicious Software; Login Monitoring; Password Management | nCircle solutions provide automated monitoring for this HIPAA standard, including checking for the correct and up-to-date anti-virus on host systems, automatically auditing login procedures and logs, and auditing systems to ensure their password policies match the entity’s policy (password length, number of allowed login attempts, etc.). |
Security Incident Procedures | 164.308(a)(6) | Response and Reporting | nCircle solutions are designed for proactive incident prevention; however, the detailed information they gather can also be of great use for identifying incidents, threat mitigation and forensics. nCircle solutions provide enterprise class reporting – from dashboards to actionable technical reports – that enable administrators to identify vulnerability trends, configuration deviations, and remediation steps for each problem. These reports also serve as proof of due diligence in the event of an incident. |
Contingency Plan | 164.308(a)(7) | Data Backup Plan; Disaster Recovery Plan; Emergency Mode Operation Plan; Testing and Revision Procedure; Applications and Data Criticality Analysis | While this standard is comprised of policies and procedures only, nCircle solutions provide continuous and consistent monitoring to ensure that the policies and procedures are enforced. |
Evaluation | 164.308(a)(8) | | While this standard is comprised of policies and procedures only, nCircle solutions provide continuous and consistent monitoring to ensure that the policies and procedures are enforced. |
Business Associate Contracts and Other Arrangements | 164.308(b)(1) | Written Contract or Other Agreement | While this standard is comprised of policies and procedures only, nCircle solutions provide continuous and consistent monitoring to ensure that the policies and procedures are enforced. |
Contact us today for a more detailed discussion about how we can help meet your HIPAA goals.