Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic & Clinical Health Act (HITECH)
As with other security standards, NNT Change Tracker Enterprise provides a keystone for any cyber defense strategy. Device Hardening and Vulnerability Management is at the core, but with critical operational processes such as Change Management comprehensively covered alongside Host Intrusion Detection capabilities, Change Tracker offers an easy to use but fully featured security and compliance solution.
'Out of the Box' HIPAA compliance reports are provided, based on both CIS and NIST 800-53 recommendations. These hardened build standards can then be tailored to your specific healthcare and ePHI systems to ensure access rights and audit trails are provisioned correctly.
Best of all, NNT Change Tracker monitors for compliance continuously to ensure that if any drift from your secure configuration occurs, you can address it immediately before any damage is done. And because no system can ever be guaranteed to be 100% secure, Change Tracker provides a non-stop, real-time file integrity monitoring (FIM) function acting as a hypersensitive, forensic-level host intrusion detection system (HIDS).
With compensation awards for HIPAA breaches at an all-time high, make sure that your systems are secure at all times by using NNT Change Tracker.
Electronic Personal Health Information (PHI) records are at risk of theft or exposure just like any other data stored in computer systems. HIPAA and the subsequent HITECH act mandate the responsibility to protect the confidentiality of health information.
Each time access is provided to healthcare records, the potential for loss of privacy or integrity increases. The HIPAA Privacy Rule clarifies the rights of the individual with respect to controlling access, integrity and confidentiality of their health information and the 2013 HIPAA Omnibus rules made it clear that sub-contractors and associated business partners were equally accountable to HIPAA standards of governance.
In other words, the burden of HIPAA compliance now applies to everyone – if your organization is responsible for a breach of patient privacy, expect to feel the full weight of a HIPAA lawsuit.
These consensus-based security recommendations may help medical device manufacturers and healthcare providers assess and mitigate cyber vulnerabilities. These mappings provide a detailed matrix aligning security configuration recommendations provided in the CIS Microsoft Windows 7 Benchmark v2.1.0 and Windows XP Benchmark v3.1.0 to the Security Capabilities included in a Technical Report (IEC/TR 80001-2-2) within International Electrotechnical Commission (IEC) 80001-1, a global standard for performing risk management of IT networks that include medical devices. NNT Change Tracker now delivers a fully automated assessment against these checklists and performs continuous compliance monitoring with real-time breach detection to maintain 24/7 security.
Did you know? In December of 2011, DHS named the State Dept. CISO as the director of the National Cybersecurity Division, with the mandate to bring about the same type and level of risk reduction across the government and the critical infrastructure as he had led at the State Department. Prior to this appointment, in 2009, the U.S. Department of State validated the consensus controls by determining whether the controls covered the 3,085 attacks it had experienced in FY 2009. In a presentation to the Intelligence Community, the State Department CISO reported remarkable alignment of the CIS consensus controls and the State Department actual attacks. He also launched a program to implement automated capabilities to enforce the key controls and provide daily mitigation status information to every system administrator across 24 time zones in which the State Department operates. With a very rapid achievement of a more than 88% reduction in vulnerability-based risk across 85,000 systems, the State Department's program became a model for large government and private sector organizations.