HIPAA HITECH Compliance Solutions

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Compliance

HIPAA and HITECH mandate the protection of individually identifiable health information and define data breach notification requirements.

How EiQ Helps

EiQ’s SOCVue Security Monitoring service helps healthcare providers and their business associates address HIPAA and HITECH by providing 24/7/365 security monitoring and reporting on systems that are associated with protected health data, including:

  • Administrative Safeguards: Procedures to regularly review records of information security activity, such as audit logs, access reports, and security incident tracking reports.
  • Technical Safeguards: Hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information (ePHI).

EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address HIPAA Workstation Security requirements.

With the Security Monitoring on-premise deployment option, EiQ’s SOC team can also proactively assess several additional network security controls, which are based on the SANS/CIS Critical Security Controls*, in order to reduce your compliance risk. The security controls are directly mapped to relevant sections of HIPAA.

Our SOCVue analysts will work with your organization to enable the reporting you need to help meet your compliance objectives with ease.

Critical Security Control #1: Inventory of Authorized and Unauthorized Devices

  • HIPAA: 164.310(b): Workstation Use – R; 164.310(c): Workstation Security – R
  • How SOCVue Security Monitoring Addresses: SOCVue security analysts can monitor DHCP event logs to track the identity of devices connecting to the network and help detect unauthorized devices.
  • How SOCVue Vulnerability Management Addresses: SOCVue security analysts will conduct Qualys discovery scans in order to build an inventory of authorized and unauthorized devices.

Critical Security Control #4: Continuous Vulnerability Assessment and Remediation

  • HIPAA: 164.310(b): Workstation Use – R; 164.310(c): Workstation Security – R
  • How SOCVue Security Monitoring Addresses: SOCVue security analysts can help you correlate data from a wide variety of commercial vulnerability scanners with real-time security event data for enhanced alerting and reporting.
  • How SOCVue Vulnerability Management Addresses: SOCVue Vulnerability Management includes Qualys vulnerability scanning along with our SOCVue security analysts to manage the tool and guide you with recommended action. New vulnerabilities can be quickly detected and appropriate staff notified.

Critical Security Control #6: Maintenance, Monitoring, and Analysis of Audit Logs

  • HIPAA: 164.308(a)(1): Security Management Process – Information System Activity Review R; 164.308(a)(5): Security Awareness & Training – Log-in Monitoring A
  • How SOCVue Security Monitoring Addresses: SOCVue Security Monitoring provides the people, process, and technology needed to collect, monitor, and analyze audit logs. Monitoring audit logs can provide valuable security insight and help detect advanced threats.

Critical Security Control #9: Limitation and Control of Network Ports

  • HIPAA: 164.310(b): Workstation Use – R; 164.310(c): Workstation Security – R
  • How SOCVue Security Monitoring Addresses: SOCVue security analysts will help you establish a whitelist/blacklist of ports and protocols and assess whether any unauthorized ports, protocols, and services are running on a network.
  • How SOCVue Vulnerability Management Addresses: SOCVue Vulnerability Management provides vulnerability scanning technology from Qualys to help detect vulnerable port and protocol usage on your IT assets.

*Additional controls auditing available with on-premise Security Monitoring deployments

EiQ’s hybrid security as a service model really works for us. We needed a SIEM tool that would protect our infrastructure and the expertise to understand the information that comes out of it. With the EiQ solution, you get both in a single package.
Shawn Tivnan, Assistant Director, Web Services and Technology Training, Bristol Community College