HIPAA Compliance Solutions

Keep patients' medical information safe from loss or theft

The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of personal health information (PHI). Any healthcare organization that stores, processes, or transmits PHI must meet HIPAA compliance requirements, including any business associates that perform functions or provide services on their behalf.

The HIPAA Compliance Security Rule lists a set of security standards with implementation requirements designed to safeguard PHI in electronic form (ePHI). These standards are grouped into five categories: administrative safeguards, physical safeguards, technical safeguards, organizational requirements, and policies and procedures.

Which regulations matter to you?

We'll help you determine which regulations your organization needs to meet.

Contact Us

How Rapid7 helps get you HIPAA compliant

Know your network and identify weak points

Use InsightVM to conduct a thorough assessment of risks across vulnerabilities, configurations, and controls, and prioritize risks for remediation based on threat exposure and business impact. Automatically audit your systems for compliance with secure configurations, password policies, and access control requirements via pre-built scan templates, or with the Custom Policy Builder capability. Custom Policy Builder enables you to create, modify, and augment common compliance requirements like HIPAA based on the unique needs of your IT environment.

Test effectiveness of your security controls

Simulate real-world attacks against your defenses and evaluate the effectiveness of security measures at protecting ePHI with Metasploit. The closed feedback loop with InsightVM enables you to validate the exploitability of vulnerabilities in Metasploit and automatically prioritize for remediation in InsightVM.

Monitor user behavior and manage security incidents

InsightIDR provides the ability to tag systems containing ePHI as “restricted,” then monitors all activity on these systems for unauthorized access. Leverage user behavior analytics to detect security incidents and accelerate investigations with instant user context, endpoint interrogation, and advanced search capabilities.
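The "tag restricted, then watch for unauthorized access" pattern described above can be expressed as a small detection rule. The following is an added example, not InsightIDR code: it keeps a constructed inventory of ePHI hosts with the accounts permitted on each, parses constructed logon records, and raises a finding for any successful logon by an account outside that set. Host names, account names and the log format are all assumptions for the example.

```python
"""Added example (not Rapid7/InsightIDR code): flag successful logons to
ePHI-tagged hosts by accounts outside each host's authorized set."""
import re
from dataclasses import dataclass

# Constructed inventory: hosts tagged "restricted" because they hold ePHI,
# mapped to the accounts permitted to log on (all names are hypothetical).
RESTRICTED_HOSTS = {
    "ehr-db-01": {"svc_ehr", "dba_alice"},
    "pacs-srv-02": {"svc_pacs", "radiology_bob"},
}

# Assumed key=value log line format for the example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    src: str
    reason: str


def parse_line(line):
    """Return the parsed fields, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(lines):
    """Return one Finding per successful logon to a restricted host by an
    account that is not on that host's authorized list."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["event"] != "logon_success":
            continue  # malformed, or not a completed logon
        allowed = RESTRICTED_HOSTS.get(rec["host"])
        if allowed is None:
            continue  # host is not tagged restricted; out of scope for this rule
        if rec["user"] not in allowed:
            findings.append(Finding(
                rec["ts"], rec["host"], rec["user"], rec["src"],
                "logon to ePHI host by account outside authorized set",
            ))
    return findings


# Constructed sample log: one unauthorized success, one failure (ignored),
# one logon to an untagged host (ignored), and one malformed line (skipped).
SAMPLE_LOG = [
    "2024-03-01T09:12:03Z host=ehr-db-01 user=dba_alice event=logon_success src=10.0.5.20",
    "2024-03-01T09:15:44Z host=ehr-db-01 user=contractor_eve event=logon_success src=10.0.9.77",
    "2024-03-01T09:16:10Z host=ehr-db-01 user=contractor_eve event=logon_failure src=10.0.9.77",
    "2024-03-01T09:20:01Z host=web-frontend-03 user=contractor_eve event=logon_success src=10.0.9.77",
    "2024-03-01T09:31:55Z host=pacs-srv-02 user=radiology_bob event=logon_success src=10.0.6.14",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_LOG):
        print(f"{f.ts} {f.host} {f.user} from {f.src}: {f.reason}")
```

The rule only fires on completed logons, so failed attempts against a restricted host are left to a separate brute-force rule rather than mixed into this one; the authorized set per host is the piece an organization has to keep current for the detection to stay meaningful.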

Assess applications for vulnerabilities

Use InsightAppSec to dynamically scan your web, mobile, and cloud applications for vulnerabilities (including those that allow unauthorized persons to bypass authentication controls), and generate interactive reports for remediation. Leverage built-in HIPAA reports to quickly identify gaps and demonstrate compliance.

Build an effective security program aligned to HIPAA

Rapid7's Security Advisory Services team can perform a full assessment of your security program against HIPAA regulations to help you improve your ability to protect ePHI. Rapid7 can also help you with monitoring your network for threats, penetration testing, security awareness training, and responding to security breaches.

Ensure compliance in cloud environments

When using Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or any other CSP, compliance is a shared responsibility between the CSP and the customer. You as the customer are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within HIPAA. 

DivvyCloud enables you to automate compliance with HIPAA. DivvyCloud provides dozens of out-of-the-box policies as part of our HIPAA compliance pack that map back to specific directives within HIPAA. For example, DivvyCloud’s policy “Snapshot With PHI Unencrypted” supports compliance with the “Encryption Controls – §164.312(a)(2)(iv)” directive in HIPAA. You can immediately use the HIPAA compliance pack to identify and remediate policy violations in real time.
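To make the policy-to-directive mapping concrete, the following added example (not DivvyCloud code) evaluates a constructed snapshot inventory against a rule modelled on the page's "Snapshot With PHI Unencrypted" policy, and against a second, hypothetical rule for PHI snapshots that have been shared publicly, mapped to the Access Control standard at §164.312(a)(1). The tagging convention (a `data_class` tag set to `phi`), the `public` attribute and the snapshot identifiers are assumptions for the example.

```python
"""Added example (not Rapid7/DivvyCloud code): evaluate cloud snapshot
metadata against policies that map findings to HIPAA directives."""
from dataclasses import dataclass, field


@dataclass
class Snapshot:
    snapshot_id: str
    encrypted: bool
    tags: dict = field(default_factory=dict)
    public: bool = False  # shared with all accounts (hypothetical attribute)


@dataclass(frozen=True)
class Violation:
    resource: str
    policy: str
    directive: str
    remediation: str


# Policy name from the page; directive text as the page quotes it.
POLICY_UNENCRYPTED = (
    "Snapshot With PHI Unencrypted",
    "Encryption Controls - §164.312(a)(2)(iv)",
)
# Hypothetical second policy added for the example, mapped to the
# Access Control standard of the Security Rule.
POLICY_PUBLIC = (
    "Snapshot With PHI Publicly Shared (hypothetical)",
    "Access Control - §164.312(a)(1)",
)


def holds_phi(snap):
    """Tagging convention assumed for the example: data_class=phi marks ePHI."""
    return snap.tags.get("data_class", "").lower() == "phi"


def evaluate(inventory):
    """Return one Violation per (snapshot, failed policy) for PHI snapshots."""
    violations = []
    for snap in inventory:
        if not holds_phi(snap):
            continue  # policies in this pack only apply to ePHI resources
        if not snap.encrypted:
            violations.append(Violation(
                snap.snapshot_id, *POLICY_UNENCRYPTED,
                "re-create the snapshot with encryption enabled and delete the plaintext copy",
            ))
        if snap.public:
            violations.append(Violation(
                snap.snapshot_id, *POLICY_PUBLIC,
                "remove the public sharing permission from the snapshot",
            ))
    return violations


def by_directive(violations):
    """Group violation counts by HIPAA directive, as a compliance report would."""
    counts = {}
    for v in violations:
        counts[v.directive] = counts.get(v.directive, 0) + 1
    return counts


# Constructed inventory: compliant, unencrypted PHI, public+unencrypted PHI,
# and an unencrypted snapshot that is not PHI (out of scope).
INVENTORY = [
    Snapshot("snap-0001", encrypted=True, tags={"data_class": "phi"}),
    Snapshot("snap-0002", encrypted=False, tags={"data_class": "PHI"}),
    Snapshot("snap-0003", encrypted=False, tags={"data_class": "phi"}, public=True),
    Snapshot("snap-0004", encrypted=False, tags={"data_class": "public-web"}),
]

if __name__ == "__main__":
    for v in evaluate(INVENTORY):
        print(f"{v.resource}: {v.policy} -> {v.directive}; fix: {v.remediation}")
    print(by_directive(evaluate(INVENTORY)))
```

Each violation carries the directive it maps to and a remediation hint, which is the shape a compliance pack needs so that a report can be grouped by HIPAA directive rather than by raw finding.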

Free InsightIDR Trial

Try InsightIDR