The Administrative Simplification section of HIPAA encompasses several rules, including the Security Rule, which mandates uniform protection of all health information that pertains to an individual. To be compliant with HIPAA, health-related institutions must employ procedures that guard against disclosure of an individual’s personal health information, ensuring the privacy and security of that information as it is collected, processed and transferred to other health organizations.
For healthcare organizations such as hospitals, physicians’ group practices, insurance carriers, and HMOs, HIPAA compliance presents major challenges: they need to train employees on privacy measures, appoint someone to oversee privacy initiatives, and, more importantly, implement measures to secure storage of and access to patient records. Several departments are impacted, but none more so than IT, which is responsible for the security of the organization’s networks and the information and files contained within them. To protect the privacy and integrity of personal records, IT security administrators at healthcare organizations need to keep watch for vulnerabilities that can enable unauthorized users to access private information. They also need to document HIPAA security compliance. Manual security auditing processes are not comprehensive and take too long to implement to protect the organization from exposure to viruses, worms, or hackers looking to steal personal information. Automating your security audits and speeding up the remediation process enables you to more effectively secure your networked environment.
NeXpose can help healthcare organizations, insurance companies, medical schools and other organizations that handle sensitive patient information achieve HIPAA compliance. To satisfy HIPAA Section 164.308, an organization needs to use a proactive vulnerability assessment solution to continually audit its network for vulnerabilities. In addition, NeXpose's policy auditing functions, which alert you to policy violations or misconfigurations, can help your organization achieve compliance with HIPAA Section 164.312.
Contact us to find out how Rapid7 can help you implement PCI for both online and offline transactions.