HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad reform of the healthcare industry. Within the regulation, the Administration Simplification section has a significant impact on IT and Information Security departments, as well as healthcare software application vendors. NetIQ products assist healthcare organizations in complying with HIPAA's Privacy and Security Rules (a component of Administration Simplification) to ensure the confidentiality, integrity and availability of a patient's protected health information. By streamlining your organization's business processes to incorporate HIPAA's requirements, NetIQ products improve business continuity and operational efficiency, helping to reduce your costs of complying with the Act.
Business Problem
Severe civil and criminal penalties threaten healthcare organizations that are found to be noncompliant with HIPAA. To comply with the Act's Privacy and Security Rules, IT departments must implement strategies and processes to:
- Assure service levels, policy compliance and appropriate risk management
- Secure all assets and services
- Control and track all access to protected health information
- Reduce the cost and complexity of heterogeneous IT infrastructure management
The NetIQ Solution
NetIQ provides award-winning and industry-recognized products that help you comply with the Act's Privacy and Security Rules. Specifically, NetIQ can assist in the areas of:
- Performance Management – Meet service-level commitments, end-user expectations and business-driven IT performance objectives, while reducing your operating costs.
- Security Management – Monitor your diverse security environment, resolve incidents and satisfy log management requirements without consuming all your time and resources.
- Configuration Management – Demonstrate IT compliance with policies and regulations through security configuration management, regulatory mapping and reporting.
- Change Control – Control and audit system changes to assure the integrity of your distributed IT infrastructure through time-based, task-specific permissions management.
- Windows Administration – Delegate and automate administrative tasks to streamline your work, while maximizing your return on Windows and Active Directory.
Key Features
NetIQ offers a range of products that help organizations define, manage and report a consistent set of internal controls over their corporate data and systems.
- Incident Detection and Management. NetIQ Security Manager provides both real-time security incident monitoring and log analysis capabilities. Along with providing the necessary communication and response to security incidents, as outlined by the Administrative Safeguards in the HIPAA Security Rule, the product delivers the protection, detection, containment and correction of security breaches. Its log management and analysis bring you additional auditing for security applications and devices (firewalls, anti-virus, intrusion detection systems), as well as network devices. These capabilities enable you to comply with the Incident Response requirements of the Administrative Safeguards in the HIPAA Security Rule.
- Access Controls for Systems. NetIQ Security Administration Suite enables effective administration of a role-based environment through delegation of administrator-level tasks, ensuring the most appropriate person in the business process has rights to perform necessary tasks but nothing further. This also ensures that all personnel who have access to sensitive customer information have the required level of authority in accordance with the Access Controls required by the Technical Safeguards in the HIPAA Security Rule.
- Audit for policy compliance, security vulnerabilities, and patches. With NetIQ Secure Configuration Manager, you automatically receive information on the latest vulnerabilities, exploits, patches and policy best practices so you can immediately identify and correct any issues. Use the HIPAA Checkup Template to quickly establish a compliance baseline and meet the Audit Controls requirements in the Technical Safeguards section of the HIPAA Security Rule.
- Demonstrate regulatory compliance across your IT environment. The NetIQ Risk and Compliance Center solution maps technical assessment results to specific regulations and standards to present key compliance metrics for different control areas. From high-level compliance reports, managers can drill down to problem areas and render management reports based on HIPAA requirements.

