
HIPAA Compliance with LT Auditor+
If your company is in the health care industry, or is a business partner processing data for a company in the health care industry, the Health Insurance Portability and Accountability Act (HIPAA) requires the protection of certain health-related information. That protection can only be reasonably achieved through implemented security controls, in accordance with security standards defined by the Health and Human Services Agency. All covered entities (i.e., companies subject to the regulation) must comply with applicable security standards no later than April 2006, with the majority of entities obligated to achieve compliance by April 2005.
The information security provision of HIPAA is Subtitle F, Administrative Simplification. Applicable security standards are defined in Code of Federal Regulations (CFR) 45 (parts 160, 162, and 164), the “Security Rule”.
Blue Lance’s LT Auditor+ provides the following features and benefits for organizations that are required to comply with the HIPAA Security Rule:
- The ability to use monitoring agents that record system activities from the operating system perspective. A detailed record can be generated of access to any file containing electronic protected health information.
- The ability to use monitoring agents to implement an effective level of security event monitoring, achieved through the monitoring of:
  - System access (logons, logoffs, and connections)
  - Administrative activities (e.g., account management, access control management)
  - Use of privileged accounts
  - Access to files containing confidential information
  - Changes to access controls
  - Changes to executable software and critical control files
  - Suspicious patterns of activity following a successful logon
  - Rejected attempts at accessing resources
  - Attempts at accessing sensitive files out of a normal context
  - Suspicious patterns of activity following exploitation of vulnerable software
- The ability to monitor systems in a transparent manner.
- The ability to monitor Windows Servers and Workstations, NetWare Servers, and SYSLOG-enabled computers/applications (including Unix Servers, Network Devices, and firewall appliances).
- The ability to install a monitoring agent from a remote location onto a computer that needs to be monitored, provided the installer has privileged access to the desired computer. This remote installation capability eliminates the need to be physically present at the computer and reduces the costs in deploying an LT Auditor+ infrastructure within an organization that has many computers that need to be monitored.
- The ability to configure and deploy a monitoring configuration from a central computer functioning as a management console to computers monitored by LT Auditor+ agents. Deployed monitoring configurations can be adjusted, on demand, from the management console, giving Blue Lance Customers the ability to throttle the level of auditing in response to changing monitoring needs.
- The ability of monitoring agents to report events in real time, delivering the reports through native operating system messaging capabilities, SNMP, or e-mail agents. Real Time Alerting can give a Blue Lance Customer the ability to recognize exceptional events (including attempted security breaches) quickly, so remedial steps can be promptly taken to contain an adversary and reduce the likelihood that electronic protected health information will be further compromised.
  Real Time Alerting can be used to notify incident response teams of access to honey pot files (planted files with fake protected health information), in order to more easily identify an adversary who has managed to penetrate an organization’s infrastructure and who is searching for opportunities to compromise electronic protected health information.
- The ability to use LT Auditor+ filtering methods in order to ignore extraneous data that is automatically recorded in native Windows logs, increasing the utility of the log files maintained by LT Auditor+ and avoiding unproductive information overload.
- The ability to archive native Windows logs for backup purposes and to enhance a Blue Lance customer’s ability to investigate computer crime.
- The ability to protect the recorded activity in LT Auditor+ log files from being tampered with, including an ability to transfer log files to a separate log consolidation computer in order to simplify the management and protection of archived log files. Log file transferring can be configured to occur on a scheduled basis (e.g., off hours), in response to an attempt at shutting down an LT Auditor+ agent (i.e., a defensive transfer), or in response to certain detected events that may be indicative of an intruder (i.e., another form of a defensive transfer).
- The ability to protect the integrity and confidentiality of communications between an LT Auditor+ agent and manager, through the use of cryptography and other control mechanisms.
- The ability to import LT Auditor+ log files into a relational database management system on the log consolidation computer, giving Blue Lance Customers a high degree of flexibility in querying activity information stored in the database using the LT Auditor+ SQL Report Generator or other SQL-oriented querying tools.
- The ability to use canned database management scripts to simplify the retention and archiving of historical data.
- The ability to audit the actions of an LT Auditor+ Administrator and to monitor the integrity of an LT Auditor+ architecture through status monitoring and transaction logging.