HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was enacted to protect Protected Health Information (PHI). Title II of HIPAA includes the Privacy Rule, which regulates the use and disclosure of PHI held by health care clearinghouses, employer-sponsored health plans, health insurers, and medical service providers. HIPAA's Security and Privacy Rules set out the requirements for Electronic Protected Health Information (EPHI). The Security Rule includes:
- Controlling and monitoring access to equipment containing health information.
- Limiting access to hardware and software to properly authorized individuals.
- Protecting information systems housing PHI from intrusion.
- Ensuring that the data within its systems has not been changed or erased in an unauthorized manner.
- Documenting risk analysis and risk management programs.
HIPAA is very specific in its requirements for protecting any hardware or software that contains EPHI, and it draws on federal guidelines for its security requirements.
Network-Centric Versus Data-Centric Approaches to HIPAA
Many organizations start with a network-centric approach that focuses on endpoints and perimeter defense. Perimeter defenses are limited in the protection they provide because:
- SQL injection vulnerabilities are prevalent and provide direct access to the database.
- Attackers succeed more often by loading malware onto employee workstations, which then serve as a jumping-off point to the database and the PHI it holds.
- Insider attacks are on the rise.
It is therefore critical that organizations add a data-centric approach and protect the data where it lives: in the database. Application Security's data-centric solution is Precision Database Activity Monitoring (DAM). Precision DAM enables organizations to meet HIPAA compliance and secure their PHI through an effective five-step program of database security process control.
FIVE STEPS TO COST-EFFECTIVE HIPAA COMPLIANCE - TWO MINUTE TUTORIALS
| Step | What it involves |
|---|---|
| 1. Isolate Sensitive Databases | Maintain an accurate inventory of all databases deployed across the enterprise. |
| 2. Eliminate Vulnerabilities | Identify and fix vulnerabilities that expose the database, on a continuous basis. |
| 3. Enforce Least Privileges | Reset user access controls and privileges to the minimum database access each user needs to do their job. |
| 4. Monitor for Deviations | Implement appropriate policies and monitor for any activity that deviates from normal, authorized activity. |
| 5. Respond to Suspicious Activity | Alert on and respond to any unauthorized or suspicious activity in real time to minimize the risk of attack. |
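Steps 3 to 5 describe a policy-driven monitoring loop: an allow-list of the minimum privileges each account needs, an audit stream checked against it, and an alert whenever activity deviates. The following script is an added illustration of that loop and is not part of this page or of Application Security's Precision DAM product. The audit log format, the `AUTHORIZED` policy, the account and table names, and the bulk-read threshold are all assumptions constructed for the example.

```python
"""
Deviation monitor for database audit records (constructed example).

Assumed audit line format (hypothetical, not a real product's format):
  <timestamp> user=<account> db=<database> op=<SQL verb> table=<table> rows=<count>
"""
import re
from dataclasses import dataclass
from typing import Optional

# Step 3, least privilege: the minimum access each account needs (hypothetical policy).
# A "*" key is a fallback that applies to any table not listed explicitly.
AUTHORIZED = {
    "billing_app": {"patients": {"SELECT"}, "claims": {"SELECT", "INSERT", "UPDATE"}},
    "reporting":   {"claims": {"SELECT"}},
    "dba_jsmith":  {"*": {"SELECT", "UPDATE", "GRANT"}},
}

# Step 4, policy: a single authorized SELECT that returns more rows than this is treated
# as a bulk export of PHI and therefore a deviation from normal activity (assumed value).
ROW_THRESHOLD = 500

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) db=(?P<db>\S+) "
    r"op=(?P<op>\S+) table=(?P<table>\S+) rows=(?P<rows>\d+)$"
)


@dataclass
class Alert:
    ts: str
    user: str
    reason: str


def parse(line: str) -> Optional[dict]:
    """Parse one audit line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["rows"] = int(ev["rows"])
    return ev


def check_event(ev: dict) -> Optional[str]:
    """Return the reason an event deviates from authorized activity, or None if it is normal."""
    perms = AUTHORIZED.get(ev["user"])
    if perms is None:
        return f"activity from account not in the inventory of authorized users: {ev['user']}"
    allowed = perms.get(ev["table"], perms.get("*", set()))
    if ev["op"] not in allowed:
        return f"{ev['op']} on {ev['table']} is not permitted for {ev['user']}"
    if ev["op"] == "SELECT" and ev["rows"] > ROW_THRESHOLD:
        return f"bulk read of {ev['rows']} rows from {ev['table']} exceeds threshold {ROW_THRESHOLD}"
    return None


def monitor(lines) -> list:
    """Step 5: turn every deviation (and every unparseable record) into an Alert."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            alerts.append(Alert("?", "?", f"unparseable audit record: {line.strip()!r}"))
            continue
        reason = check_event(ev)
        if reason is not None:
            alerts.append(Alert(ev["ts"], ev["user"], reason))
    return alerts


# Constructed sample audit records; no real system produced these.
SAMPLE_LOG = """\
2024-01-05T09:00:01Z user=billing_app db=ehr op=SELECT table=patients rows=1
2024-01-05T09:00:02Z user=billing_app db=ehr op=UPDATE table=claims rows=1
2024-01-05T09:03:10Z user=reporting db=ehr op=SELECT table=patients rows=1
2024-01-05T09:05:00Z user=billing_app db=ehr op=SELECT table=patients rows=12000
2024-01-05T09:07:45Z user=svc_tmp db=ehr op=SELECT table=claims rows=3
2024-01-05T09:08:00Z user=dba_jsmith db=ehr op=DELETE table=audit_log rows=400
"""

if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a.ts} {a.user}: {a.reason}")
```

Run against the constructed sample, the monitor raises four alerts: a reporting account reading a table outside its grant, the billing application reading patient records in bulk, an account that is not in the authorized inventory at all, and a DBA deleting from the audit log. The first two lines pass because they match the minimum-privilege policy exactly. The same `check_event` function can be called per record as events arrive, which is what the "real time" requirement of step 5 amounts to in practice.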
SUMMARY OF REQUIREMENTS - HIPAA