CorreLog For HIPAA Compliance

The USA Federal Health Insurance Portability and Accountability Act (HIPAA) contains numerous security policies that are required of any organization involved in handling the private health record information of USA citizens and residents. This standard is required of all hospitals, doctors, health care workers, and health insurance companies.

 

The HIPAA Compliance Standard

The security measures of HIPAA are similar to those of other standards and guidelines. They are intended to protect individually identifiable health information, together with the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety. CorreLog directly supports HIPAA standards, as described here:

User Access Report.
HIPAA requirements (164.308 (a)(5) - log-in/log-out monitoring) clearly state that user access to the system must be recorded and monitored for possible abuse. This report is available in CorreLog.

Audit Logs Access Report.
CorreLog provides records of information system activity, such as audit logs, to help meet HIPAA requirements (164.308 (a)(3)) that call for procedures to regularly review and audit access logs.

Object Access Report.
CorreLog identifies when a given object (file, directory, etc.) is accessed, the type of access (e.g. read, write, delete), whether the access succeeded or failed, and who performed the action.

System Events Report.
CorreLog identifies local system processes such as system startup and shutdown and changes to the system time or audit log.

Host Session Status Report.
CorreLog indicates when someone reconnects to a disconnected terminal server session (the event is generated on a machine with terminal services running).

Successful User Account Validation Report.
CorreLog identifies successful user account logon events, which are generated when a domain user account is authenticated on a domain controller.

Unsuccessful User Account Validation Report.
CorreLog identifies unsuccessful user account logon events, which are generated when a domain user account fails authentication on a domain controller.

Restrict physical access to health care data.
CorreLog provides multiple features that indicate access to systems, including clear indications when systems are restarted, indications that physical access may be breached, and indications of tampering. This includes detection of USB and computer driver activity, which indicates that somebody may have physical access to a restricted machine. CorreLog monitors the creation, deletion and modification of user accounts and groups, including by time of day, so that 'after hours' unauthorized access is easily detected.

Track and monitor all access to network resources
This is the main role of CorreLog as a security monitor. It provides visibility into who is logging into what areas of the enterprise and keeps track of what users are doing on the system. This is achieved through monitoring log messages and mapping activity back to security protocol.

Regularly test security systems and processes.
CorreLog schedules periodic tests of network integrity and verifies that certain messages are logged, indicating successful tests. CorreLog interfaces easily with common security-test software, including port scanners, to verify that CorreLog is successfully monitoring system security. CorreLog has a self-test associated with AES encryption that permits users to verify that CorreLog encryption is working.

Maintain a policy that addresses information security.
An organization cannot claim to have a comprehensive information security policy without monitoring the security messages being constantly logged on platforms within its enterprise. An enterprise that installs CorreLog, with no other action, takes a major step forward in creating and maintaining an enterprise security policy.

Develop and maintain secure systems and applications.
CorreLog furnishes the ability to make Windows platforms more secure (using the CorreLog Windows agent). For UNIX and other platforms, CorreLog leverages the existing native agent (i.e. the syslog process) to make the managed system more secure. CorreLog is a substantial "development component" of an enterprise-wide security policy, incorporating a standards-based, easy-to-use API that allows you to extend your security to any streaming log file or home-grown application.

CorreLog specifically facilitates compliance with HIPAA using out-of-box reporting templates, macros, and taxonomies. By using CorreLog, organizations can be assured that they meet the intent of HIPAA security provisions, and can demonstrate their compliance for patient information safety as a normal part of their operational security.


Copyright © 2010, CorreLog, Inc. All rights reserved.
All trademarks and registered trademarks used herein are the properties of their respective owners.
