HIPAA applies to virtually all healthcare organizations – including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers – as well as life insurers, information systems vendors, various service organizations, and universities. The Administrative Simplification section of HIPAA resulted in several rules, including the Security Rule. The final Security Rule was published on February 20, 2003, and provides for a uniform level of protection of all health information that is housed or transmitted electronically and that pertains to an individual. HIPAA requires covered entities to:
HIPAA calls for severe civil and criminal penalties for noncompliance, including fines of up to $25K for multiple violations of the same standard in a calendar year, and fines of up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information.
Ensuring Compliance
Sourcefire is the first and only intelligent cybersecurity system that integrates IPS, NBA, and compliance technologies to provide healthcare organizations with the most effective, efficient network security for adhering to HIPAA security regulations.
Sourcefire Enables HIPAA Compliance
Sourcefire enables a fully integrated, real-time process of discovering risks, vulnerabilities, and threats; determining their business impact; and taking the most precise, appropriate action to defend the network – exactly what your company needs to address HIPAA security requirements.
| HIPAA Requirement | The Sourcefire Approach |
|---|---|
| 164.306 – the General Rule: Protect against reasonably anticipated risks and threats | Delivers several best practice controls to secure networks from reasonably anticipated risks and threats |
| 164.308 – policies and procedures to prevent, detect, correct and contain security violations | Enables organizations to set and continuously enforce security policies related to security incidents, violations, configuration, and network use policy |
| 164.312/316 – Implement reasonable and appropriate policies and procedures to comply with standards & implementation specifications | Monitors, logs, and reports on security events, potential vulnerabilities, and violations of configuration policies and acceptable use policies. |