The Health Insurance Portability and Accountability Act (HIPAA) was established in United States law in 1996 to promote the protection of personal health information by preventing the selling, transferring, or use of an individual’s information for business gain, personal leverage, or malicious harm in general. HIPAA’s “Security Rule” standard was established to facilitate control adherence, monitor the health of the compliance program, and adapt to an ever-changing risk environment. In 2009, HITECH was devised to further enforce breach standards for HIPAA and the implementation of Electronic Health Records (EHR). HITECH led to the formulation of the Promoting Interoperability (PI) incentive program (previously the Advancing Care Information category of MIPS, which absorbed Meaningful Use), one of the most significant pieces of healthcare legislation ever passed. With the variability of risks facing an organization, a SIEM technology should augment and streamline compliance objectives, providing forensic evidence, advanced alerts, and correlation, all of which foster the maturity of the organization’s compliance posture.
LogRhythm’s Healthcare Security Compliance Automation Suite provides augmented and direct support of control objectives through pre-bundled Investigations, Alarms, AIE rules, and Reports that support HIPAA, HITECH, and PI in a holistic package. Alarms and Reports are automatically associated with the correct in-scope Healthcare Security Compliance Automation Suite log sources. You can then schedule Reports for periodic generation and delivery, or generate them on demand. This assists in delivering appropriate content to Audit, IT operations, IT security, and Executive Management. To identify areas of non-compliance in real time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's in-scope environments. The following highlights these module components and lists all content provided within the module.
As organizations mature in their compliance adherence, LogRhythm’s approach to compliance offers various components that can be utilized and enhanced. The ultimate goal is to mature with the organization to eventually bridge the gap between a compliance program and a cyber security program. Trends in control objectives indicate an increased requirement to address cyber security risks and to establish a robust Incident Response function. With these trends in mind, LogRhythm has developed compliance modules that augment controls based on cyber security risks. LogRhythm’s Case Management is a platform for establishing and maturing an Incident Response program, serving as a central point for the collection and distribution of forensic data.