Compliance
HIPAA
Regulation Summary
The Health Insurance Portability and Accountability Act of 1996 and its Security Rule establish requirements for safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. HIPAA applies to virtually all healthcare organizations - including all health care providers, health plans, public health authorities, healthcare clearinghouses, and self-insured employers - as well as life insurers, information systems vendors, various service organizations, and universities.
The Administrative Simplification section of HIPAA resulted in several rules, including the Security Rule. The final
Security Rule was published on February 20, 2003 and provides for a uniform level of protection of all health information
that is housed or transmitted electronically and that pertains to an individual.
HIPAA requires covered entities to:
- Ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) the covered entity creates, receives, maintains, or transmits
- Protect against any reasonably anticipated threats or hazards to the security or integrity of ePHI
- Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or
required by the Privacy Rule
- Ensure compliance by their workforce.
HIPAA calls for severe civil and criminal penalties for noncompliance, including fines of up to $25K for multiple violations of the same standard in a calendar year, and fines of up to $250K and/or imprisonment of up to 10 years for knowing misuse of individually identifiable health information.
Ensuring Compliance
Sourcefire’s ground-breaking 3D approach – Discover, Determine, Defend – is the first and only enterprise threat management system that integrates IPS, NBA, NAC and vulnerability assessment technologies to provide health care organizations with the most effective, efficient network security for adhering to HIPAA security regulations.
Sourcefire Enables HIPAA Compliance
The Sourcefire 3D System™ is a fully integrated, real-time process of discovering risks, vulnerabilities and threats; determining their business impact; and taking the most precise, appropriate action to defend the network – exactly what your company needs to address HIPAA security requirements.
| HIPAA Requirement | Sourcefire 3D Approach |
|---|---|
| 164.306 (the General Rule): Protect against reasonably anticipated risks and threats | The 3D System delivers several best practice controls to secure networks from reasonably anticipated risks and threats. |
| 164.308: Policies and procedures to prevent, detect, correct and contain security violations | The 3D System enables organizations to set and continuously enforce security policies related to security incidents and violations, configuration, and network use policy. |
| 164.312/316: Implement reasonable and appropriate policies and procedures to comply with standards and implementation specifications | The 3D System monitors, logs, and reports security events, potential vulnerabilities, and violations of configuration and acceptable use policies. |