Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

HIPAA Configuration Auditing

Looking to 2017, there may be new goals, challenges, and projects that face your organization. This is a good time to take the “10,000 foot view” of what your organization wants to address. While this is a great time to outline and plan new projects, this is also an opportune time to reassess current projects, including the controls put in place to address laws and regulations. One of those laws receiving attention in the news recently is the Health Insurance Portability Accountability Act (HIPAA).

Consequences of noncompliance

Passed into law in 1996, HIPAA is certainly not new. HIPAA is an act that addresses administrative, technical, and physical controls around protecting sensitive patient data. Most organizations under HIPAA’s umbrella already have an understanding of what the act means to their organizations in terms of securing sensitive data. But organizations can also grow complacent in their processes and ultimately become noncompliant, as discussed in our Drifting Out of Compliance blog post. This is a dangerous situation for organizations, as the federal government just fined a university $650,000 for being compromised with remote access malware:

“In the 13th major HIPAA enforcement action so far this year (2016), federal regulators have slapped the University of Massachusetts Amherst with a $650,000 financial settlement and corrective action plan after investigating a relatively small 2013 breach involving a malware infection at a campus speech and language center.”

There have been over $12 million HIPAA-related fines in 2016

Information security is a dynamic sector, regularly changing to remain current with trends, and your organization should not overlook controls and processes that act as the foundation of your overall security program. While the HIPAA acronym may be dated in some people’s minds, the enforcement certainly is not. There have already been over $12 million HIPAA-related fines in 2016 alone. Organizations should regularly assess their current processes that pertain to these controls so that they don’t lose track of their effectiveness.

Our blog, Tips for Making The Most of Your Year-End Spending, provides advice on budgeting for the new fiscal year. Two important tips are evaluating your current environment, and identifying the gaps between your current status and goals. Has your environment expanded at all? Does the new environment fall under HIPAA regulation? If so, do you have proper controls in place to protect that environment?

Two important tips: evaluate your current environment, and identify the gaps between your current status and goals

Tenable solutions

Tenable provides solutions that enable organizations to address these year-end questions by tracking and assessing environments with continuous network monitoring. The Tenable Assurance Report Cards (ARCs) do a great job of quickly analyzing environments against pre-defined baselines with a Pass/Fail grading. Organizations can leverage ARCs to quickly assess whether a previously compliant environment has developed compliance failures, or to grade completely new environments. In addition to ARCs, the HIPAA Configuration Audit Summary dashboard in SecurityCenter Continuous View® (SecurityCenter CV™) has been updated. It provides detailed and relevant data from your environment for security analysis and HIPAA compliance. The dashboard features over ten components that address HIPAA concerns such as:

  • Access Control & Workstation Security
  • Security Management Process
  • Integrity, Authentication & Transmission Security

You can customize these components to fit the uniqueness of your environment. The HIPAA dashboard also automatically tracks the number of hosts for each component, while displaying the percentage of hosts that have passed and the percentage of hosts that have failed.

HIPAA Configuration Audit Summary Dashboard

Conclusion

There are always new trends and concerns to be addressed when securing an environment, but fundamental processes, controls, and compliance should not be forgotten. Organizations can leverage Tenable solutions to keep up with the latest security trends while simultaneously addressing well-established regulation responsibilities such as those put in place by HIPAA.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.