Logging, auditing and monitoring
Encryption
Data Isolation
AC Product key feature overview
Logging, auditing and monitoring
Logging, auditing, and monitoring are critical to a covered entity’s ability to meet Accounting Rule 164.528, and essential help identify when a compromise has occurred that may lead to a breach notification.
Logging, auditing, and monitoring of access to e-PHI by authorized users and systems is a critical requirement of the HIPAA Security rule.
Application, database and device access logging is important to effectively support a covered entity or business associate’s breach management strategy and is an important support for auditing.
Real-time intrusion detection and protective response is desired for the identification of any attempted non-authorized access before it becomes a data breach.
Logging, auditing, and monitoring of access to e-PHI by authorized users and systems is a critical requirement of the HIPAA Security rule.
Application, database and device access logging is important to effectively support a covered entity or business associate’s breach management strategy and is an important support for auditing.
Real-time intrusion detection and protective response is desired for the identification of any attempted non-authorized access before it becomes a data breach.
Encryption
HIPAA Safeguard 164.312(a)(1)(2)(iv) Encryption and Decryption states that the ability to encrypt and decrypt e-PHI is essential to prevent unwanted exposure of e-PHI data. e-PHI encryption is end-to-end: data is encrypted between the e-PHI database and the application (app) on the authorized user computer.
Login connection between the authorized user computer and the e-PHI access controller is encrypted to prevent capture of passwords. In addition the information log of e-PHI accesses by authorized users is stored in an encrypted format to prevent unauthorized access.
Login connection between the authorized user computer and the e-PHI access controller is encrypted to prevent capture of passwords. In addition the information log of e-PHI accesses by authorized users is stored in an encrypted format to prevent unauthorized access.
Data Isolation
Covered entities that can effectively isolate e-PHI from other data are most effective at maintaining control over secure information.
Administrative functions and clinical data should be isolated through network segmentation in order to limit the scope and depth of security controls that are applied to various forms of data.
Segmenting clinical information from administrative information makes it possible to apply appropriate controls to effectively secure the protected information base. Enterprise networks are segmented by separating e-PHI onto its own IP address space as a protected subnet.
Segregating data within a covered entity via segmentation permits the network to support HIPAA Security Rule safeguards, minimizing risks to e-PHI and critical medical systems.
Administrative functions and clinical data should be isolated through network segmentation in order to limit the scope and depth of security controls that are applied to various forms of data.
Segmenting clinical information from administrative information makes it possible to apply appropriate controls to effectively secure the protected information base. Enterprise networks are segmented by separating e-PHI onto its own IP address space as a protected subnet.
Segregating data within a covered entity via segmentation permits the network to support HIPAA Security Rule safeguards, minimizing risks to e-PHI and critical medical systems.