HIPAA Compliance

Achieving HIPAA Compliance with Managed Security Services

The Health Insurance Portability and Accountability Act (HIPAA) requires that the Department of Health and Human Services (HHS) establish national standards to address the security and privacy of healthcare data and electronic healthcare transactions, as well as provide national identifiers for providers, health plans and employers. Its primary goal is to simplify the administrative processes of the healthcare system and to protect patient privacy. To help healthcare organizations comply with privacy requirements, the rule titled “Security Standards for the Protection of Electronic Protected Health Information,” commonly known as the Security Rule, has been adopted in order to implement the various provisions of HIPAA. In general, Covered Healthcare Providers, Health Plans, Healthcare Clearing Houses, and Medicare Prescription Drug Card Sponsors must comply with the standards, requirements and implementation specifications of the HIPAA Security Rule, including:


  • Administrative Safeguards – administrative actions, policies and procedures designed to manage the selection, development, implementation and maintenance of security measures that protect electronic health information. These safeguards also manage the conduct of the covered entity’s workforce in relation to the protection of said information. The Administrative Safeguards comprise over half of the HIPAA security requirements, and compliance with these safeguards requires an evaluation of security controls already in place, accurate and thorough risk analysis, and a series of documented solutions derived from factors that are unique to each covered entity.
  • Physical Safeguards – physical measures, policies and procedures designed to protect a covered entity’s electronic information systems, related buildings and equipment from natural and environmental hazards, as well as unauthorized intrusion. When evaluating and implementing these safeguards, a covered entity must consider all physical access to EPHI beyond an actual office, such as workforce members’ homes or other physical locations where they might access EPHI.
  • Technical Safeguards – the technology, and the policies and procedures associated with its use, that protect EPHI and control access to it. Technical safeguards are becoming more important as healthcare organizations are faced with the challenge of protecting EPHI from various internal and external threats. Based on the fundamental concepts of flexibility, scalability and technology neutrality, these safeguards allow a covered entity to determine which security measures and specific technologies are reasonable and appropriate for implementation in its organization.

Compliance with these security standards, as defined by HIPAA, is imperative to the ongoing business operations of healthcare companies. Failure to comply may result not only in regulatory sanctions and fines but also in direct business loss as a result of lawsuits, damage to an organization’s reputation and degradation of the public’s trust.

How We Help

Masergy offers a full suite of enterprise-class products and services to assist healthcare organizations in successfully implementing the Security Standards outlined by HIPAA. Our extensive experience in fully integrated “no gaps” network security solutions and world-class Managed and Professional Services improve an organization’s security and HIPAA-compliance posture while significantly reducing security infrastructure costs.

 


Explore our comprehensive advanced managed security solution, Unified Enterprise Security™.

Masergy's Unified Enterprise Security™ (UES) fulfills the promise of a truly integrated advanced threat-management solution, delivering an enterprise security capability unlike any other.

APT Management

Advanced analysis and machine learning detect advanced persistent threats before they cause material harm.

Network Behavioral Analysis

1200+ algorithms continuously learn normal network behaviors and correlate all sub-system data to identify abnormal behaviors.

Integrated Vulnerability Management

Unlimited vulnerability scanning that automatically correlates results with IDS/IPS to ensure signatures for known vulnerabilities are applied.

Intrusion Detection & Prevention

24/7 deep-packet network traffic inspection and tunable signatures designed to thwart advanced attacks.

Threat Intelligence Dashboard

Single-pane-of-glass view into security posture, prioritized threat data, and remediation instructions.

Unified Cloud Security

Cloud-ready solutions that thwart attacks on public cloud (e.g., Amazon EC2™), private cloud (e.g., VMware™), and hybrid cloud environments.

SIEM+

Integrated real-time monitoring, log-management/archival, and sophisticated analysis and reporting.

Network Access Policy Monitoring

Define and enforce corporate network security policy with continuous monitoring and advanced behavioral network analysis and correlation.

Managed Security Monitoring

Masergy's certified security experts continuously monitor to identify, investigate, and stop threats before they cause material harm.
