Best Practices for Addressing the HIPAA Security Rule
Presenters:
David Ginsberg
President
PrivaPlan Associates, Inc.
Jeff Melnick
Systems Engineer
Cyber Security Risks in Healthcare
HIPAA REQUIREMENTS – SECURITY RULE
Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
164.308(a)(1)(ii)(D)
HIPAA REQUIREMENTS – SECURITY RULE
Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
164.312(b)
WHAT DO YOU NEED TO AUDIT?
Operating systems – including Active Directory
Applications like the EHR or LIS
Diagnostic devices
Files and folders
Hardware
Web applications
WHAT DO YOU NEED TO AUDIT?
Interfaces
Malware and patches
Processes
Termination of access
Access permissions
BEST PRACTICES
RANDOM AUDITS
AUDITING THE AUDIT SETTINGS (ARE THEY DISABLED?)
NEXTGEN EXAMPLE
CONTINUOUS AUDIT
Find gaps in policies
Monitor for unusual behaviors
Lock down doorways for breach
Avoid business interruption
Focus on Business Continuity
BEST PRACTICES
USE OF A THIRD PARTY UI AND TOOL
NETWRIX AUDITOR FUNCTIONALITY
DEALING WITH THE DATA CLUTTER OF AUDIT TOOLS AND REPORTS
Netwrix Auditor
Who: A visibility platform for user behavior analysis and risk mitigation = insider threats
What: Enables control over changes, configurations, and access
• Focus on regulatory compliance
• Investigate threat patterns before a data breach occurs
How: Provide security analytics
• Detect anomalies in user behavior (who, what, when, where)
• Provide actionable data
• Reduce log event noise
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Oracle Database
Netwrix Auditor for Azure AD
Netwrix Auditor for EMC
Netwrix Auditor for SQL Server
Netwrix Auditor for Exchange
Netwrix Auditor for NetApp
Netwrix Auditor for Windows Server
Netwrix Auditor for Office 365
Netwrix Auditor for SharePoint
Netwrix Auditor for VMware
Netwrix Auditor Add-on Store
Netwrix Auditor Benefits
Detect Data Security Threats – On Premises and in the Cloud
Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior.
Pass Compliance Audits with Less Effort and Expense
Provides the evidence required to prove that your organization’s IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other standards.
Increase the Productivity of Security and Operations Teams
Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where and who has access to what.
Netwrix Customers
Healthcare & Pharmaceutical
Demonstration
Netwrix Auditor
Out-of-the-box compliance reports mapped toward specific requirements of regulatory compliance standards.
Maximized visibility and transparency of all changes within your IT infrastructure.
Complete picture of changes made by a specific user across all IT systems.
Simplified investigation of changes affecting security of IT systems and data.
Who, What, When, Where details and Before/After values of everything that seems suspicious.
IT Risk Assessment
Industry Awards and Recognition
All awards: www.netwrix.com/awards
Next Steps
Free Trial – set up in your own test environment:
On-premises: netwrix.com/auditor
Virtual: netwrix.com/virtual_appliances
Cloud: netwrix.com/cloud_opportunities
Test Drive: run a virtual POC in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with a Netwrix expert: netwrix.com/one-to-one
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions
• netwrix.com/webinars
• netwrix.com/webinars#featured
Meeting HIPAA Compliance with Netwrix Auditor: netwrix.com/HIPAA_Compliance
Thank You!
David Ginsberg
President
PrivaPlan Associates, Inc.
Jeff Melnick
Systems Engineer