Healthcare

The Health Information Portability and Accountability Act of 1996 and the subsequent security and privacy regulations have created a large area of compliance focus in the security industry. The Final Security Rule was made effective on April 21, 2003. The question for healthcare organizations is what tools and methods are needed, and how best to deploy them, to establish and maintain compliance in an efficient and cost-effective manner. While the Final Rule, much like the other security regulations, does not specify the technologies to be used, it does frame the scope of the effort, as it does “require that each covered entity engaged in the electronic maintenance or transmission of health information pertaining to individuals assess potential risks and vulnerabilities to such information in its possession in electronic form, and develop, implement and maintain appropriate security measures to protect that information. Importantly, these measures are required to be documented and kept current.”

Specifically, the rule takes a three-pronged approach to implementation, providing guidelines for administrative, physical and technical safeguards in Subpart C, Sections 164.308, 310 and 312. Each component has various subcomponents that are either required or addressable (that is, whether implementation is reasonable given the covered entity's environment).

FusionVM & Establishing an Effective Risk Management Process for HIPAA Compliance

FusionVM is particularly useful for achieving compliance, more so than other types of security technology, because it demonstrates the presence of a true operational process. This is vital because the security threat landscape is constantly shifting. It also enables organizations to assess, mitigate and measure the known vulnerabilities in their infrastructure, the greatest cause of electronic security risks.

On an enterprise-wide scale, FusionVM provides an automated means of identifying and profiling all the assets on the network(s). From there, it consistently assesses those assets for vulnerabilities against a vulnerability database that is updated daily. The results of the ongoing assessments are streamed dynamically to the responsible asset owner to enable immediate action. In between recurring assessments, companies also receive alerts on newly emerging vulnerabilities that specifically affect them. These alerts are also delivered directly to the responsible asset owner the same day the vulnerability is first identified. The FusionVM solution has a powerful reporting engine, not only for measuring security posture but also for auditing the process itself. Together, the above stages represent a consistent risk management process covering the entire lifecycle of a vulnerability, from discovery to closure.