HomeIndustry/ComplianceCompliance Solutions

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its Security Rule establish requirements for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information.

HIPAA applies to virtually all healthcare organizations — including all healthcare providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers – as well as life insurers, information systems vendors, various service organizations, and universities. The Administrative Simplification section of HIPAA resulted in several rules, including the Security Rule. The final Security Rule was published on February 20, 2003, and provides for a uniform level of protection of all health information that is housed or transmitted electronically and that pertains to an individual. HIPAA requires covered entities to:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) the covered entity creates, receives, maintains, or transmits
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of ePHI
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule ensure compliance by their workforce.

HIPAA calls for severe civil and criminal penalties for noncompliance, including fines of up to $25K for multiple violations of the same standard in a calendar year, and fines of up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information.

Ensuring Compliance
Sourcefire’s ground-breaking 3D approach – Discover, Determine, Defend – is the first and only intelligent cybersecurity system that integrates IPS, NBA, and compliance technologies to provide healthcare organizations with the most effective, efficient network security for adhering to HIPAA security regulations.

Sourcefire Enables HIPAA Compliance
The Sourcefire 3D® System is a fully integrated, real-time process of discovering risks, vulnerabilities, and threats; determining their business impact; and taking the most precise, appropriate action to defend the network – exactly what your company needs to address HIPAA security requirements.

HIPAA Requirement Sourcefire 3D Approach
164.306 – the General Rule Protect against reasonably anticipated risks and threats The 3D System delivers several best practice controls to secure networks from reasonably anticipated risk and threats
164.308 – policies and procedures to prevent. detect, correct and contain security violations The 3D System enables organizations to set and continuously enforce security policies related to security incidents, violations, configuration, and network use policy
164.312/316 – Implement reasonable and appropriate policies and procedures to comply with standards & implementation specifications The 3D System monitors, logs, and reports on security events, potential vulnerabilities, and violations of configuration policies and acceptable use policies.