Best Practices for Addressing the HIPAA Security Rule
Presenters:
David Ginsberg
President
PrivaPlan Associates, Inc.
Jeff Melnick
Systems Engineer
Cyber Security Risks in Healthcare
HIPAA REQUIREMENTS – SECURITY RULE
Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
164.308(a)(1)(ii)(D)
Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
164.312(b)
WHAT DO YOU NEED TO AUDIT?
Operating systems – including Active Directory
Applications like the EHR or LIS
Diagnostic devices
Files and folders
Hardware
Web applications
Interfaces
Malware and patches
Processes
Termination of access
Access permissions
BEST PRACTICES
RANDOM AUDITS
AUDITING THE AUDIT SETTINGS (ARE THEY DISABLED?)
NEXTGEN EXAMPLE
CONTINUOUS AUDIT
Find gaps in policies
Monitor for unusual behaviors
Lock down doorways for breach
Avoid business interruption
Focus on business continuity
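The practices above (auditing the audit settings, continuous review, monitoring for unusual behavior) and the "termination of access" item earlier in the deck all come down to reading activity records and asking specific questions of them. As an added illustration that is not part of the slides and not Netwrix code, the following script runs three such checks over a handful of constructed audit records: it flags an audit policy being disabled, activity by an account that HR reports as terminated, and ePHI reads outside assumed business hours. The record format, host names, user names, the terminated-accounts feed and the 07:00-19:00 business window are all assumptions for the example.

```python
"""
Added example (not from the slides, not Netwrix code): a minimal
information-system-activity review over constructed audit records.

Three checks are implemented:
  1. AUDIT_DISABLED          - someone turned an audit setting off
  2. TERMINATED_USER_ACTIVE  - activity by an account after its termination date
  3. AFTER_HOURS_PHI_ACCESS  - ePHI read outside assumed business hours
"""
from collections import Counter
from datetime import datetime

# Constructed sample records, one event per line:
# timestamp|host|user|action|detail   (format is an assumption)
SAMPLE_LOG = """\
2023-03-06T09:12:44|EHR-APP01|jdoe|LOGON|success
2023-03-06T09:15:02|EHR-APP01|jdoe|READ_PHI|patient=P1001
2023-03-06T10:40:10|DC01|svc_backup|AUDIT_POLICY_CHANGE|Object Access auditing=disabled
2023-03-06T23:58:31|EHR-APP01|mlee|READ_PHI|patient=P2231
2023-03-07T02:03:09|FILESRV01|tbrown|LOGON|success
2023-03-07T02:05:50|FILESRV01|tbrown|READ_PHI|share=labs;file=P2231.pdf
2023-03-07T08:30:00|EHR-APP01|mlee|READ_PHI|patient=P2232
"""

# Constructed HR feed: account -> date access should have ended
TERMINATED_ACCOUNTS = {"tbrown": datetime(2023, 3, 1)}

# Assumed business hours for the behavioural check (07:00 to 19:00)
BUSINESS_START, BUSINESS_END = 7, 19


def parse_records(text):
    """Turn the pipe-delimited sample text into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, action, detail = line.split("|", 4)
        records.append({
            "time": datetime.fromisoformat(ts),
            "host": host,
            "user": user,
            "action": action,
            "detail": detail,
        })
    return records


def review(records, terminated=TERMINATED_ACCOUNTS):
    """Apply the three checks; each finding carries who/what/when/where."""
    findings = []
    for r in records:
        base = {"user": r["user"], "host": r["host"], "time": r["time"]}

        # 1. Auditing the audit settings: any change that disables auditing
        if r["action"] == "AUDIT_POLICY_CHANGE" and "disabled" in r["detail"].lower():
            findings.append({"kind": "AUDIT_DISABLED", "what": r["detail"], **base})

        # 2. Termination of access: activity after the HR termination date
        term_date = terminated.get(r["user"])
        if term_date is not None and r["time"] > term_date:
            findings.append({"kind": "TERMINATED_USER_ACTIVE", "what": r["action"], **base})

        # 3. Unusual behaviour: ePHI read outside business hours
        if r["action"] == "READ_PHI" and not (BUSINESS_START <= r["time"].hour < BUSINESS_END):
            findings.append({"kind": "AFTER_HOURS_PHI_ACCESS", "what": r["detail"], **base})
    return findings


def summarize(findings):
    """Count findings per user so the noisiest accounts surface first."""
    return dict(Counter(f["user"] for f in findings))


if __name__ == "__main__":
    found = review(parse_records(SAMPLE_LOG))
    for f in found:
        print(f"{f['time'].isoformat()}  {f['kind']:<24} {f['user']:<11} {f['host']:<10} {f['what']}")
    print("per-user totals:", summarize(found))
```

Each finding keeps the four fields the deck keeps coming back to (who, what, when, where), which is what makes the output usable as evidence during a review rather than just another log. In practice the terminated-accounts feed would come from HR and the records from the systems listed under "What do you need to audit?", and the business-hours window would be set per role rather than globally.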
USE OF A THIRD PARTY UI AND TOOL
NETWRIX AUDITOR FUNCTIONALITY
DEALING WITH THE DATA CLUTTER OF AUDIT TOOLS AND REPORTS
Who: A visibility platform for user behavior analysis and risk mitigation, aimed at insider threats
What: Enables control over changes, configurations, and access
• Focus on regulatory compliance
• Investigate threat patterns before a data breach occurs
How: Provide security analytics
• Detect anomalies in user behavior (who, what, when, where)
• Provide actionable data
• Reduce log event noise
Netwrix Auditor
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Oracle Database
Netwrix Auditor for Azure AD
Netwrix Auditor for EMC
Netwrix Auditor for SQL Server
Netwrix Auditor for Exchange
Netwrix Auditor for NetApp
Netwrix Auditor for Windows Server
Netwrix Auditor for Office 365
Netwrix Auditor for SharePoint
Netwrix Auditor for VMware
Netwrix Auditor Add-on Store
Netwrix Auditor Benefits
Detect Data Security Threats – On Premises and in the Cloud
Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior.
Pass Compliance Audits with Less Effort and Expense
Provides the evidence required to prove that your organization’s IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other standards.
Increase the Productivity of Security and Operations Teams
Relieves IT departments of manually crawling through weeks of log data to get the information about who changed what, when and where, and who has access to what.
Netwrix Customers
Healthcare & Pharmaceutical
Demonstration
Netwrix Auditor
Out-of-the-box compliance reports mapped toward specific requirements of regulatory compliance standards.
Maximized visibility and transparency of all changes within your IT infrastructure.
Complete picture of changes made by a specific user across all IT systems.
Simplified investigation of changes affecting security of IT systems and data.
Who, What, When, Where details and Before/After values of everything that seems suspicious.
IT Risk Assessment
Industry Awards and Recognition
All awards: www.netwrix.com/awards
Free Trial – setup in your own test environment:
On-premises: netwrix.com/auditor
Virtual: netwrix.com/virtual_appliances
Cloud: netwrix.com/cloud_opportunities
Test Drive: run a virtual POC in a Netwrix-hosted test lab netwrix.com/testdrive
Live Demo: product tour with Netwrix expert netwrix.com/one-to-one
Contact Sales to obtain more information netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions
• netwrix.com/webinars
• netwrix.com/webinars#featured
Meeting HIPAA Compliance with Netwrix Auditor: netwrix.com/HIPAA_Compliance
Next Steps
Thank You!