1. ALERTLOGIC.COM / U.S. 877.484.8383 / U.K. +44 (0) 203 011 5533
SELECTING TECHNOLOGIES FOR HIPAA COMPLIANCE: A CHEAT SHEET
Selecting technologies to help your organization comply with HIPAA regulations can be overwhelming. Here are a few
things you should look for when evaluating technologies against your HIPAA requirements.
INTRUSION DETECTION SYSTEM (IDS)
Intrusion detection systems run the gamut from complex host-based detection to lightweight network-based detection.
Generally, any credible IDS will provide core functionality designed to detect known bad activity based on known
signatures. To comply with the administrative and technical HIPAA safeguards, and to protect your network, be sure
to ask the following questions:
01 Do you provide signatures of known bad and known good files/network traffic?
02 How often are your signatures updated? Do I have to update them myself or is the system auto-updating?
03 How much training does someone need to become proficient in your solution?
04 Is your IDS integrated with any other security technology?
05 Will your IDS work in both my on-premises data center and my cloud environments?
WEB APPLICATION PROTECTION
Hackers and cybercriminals are exploiting poorly protected websites at an alarming rate. Organizations are impacted
almost daily. An excellent way to protect your internet-facing websites and applications is to implement a Web
Application Firewall (WAF). Depending on your deployment preference, the WAF can provide inline protection from
invalid/malformed requests made against your website or simply monitor web requests, alerting when these bad
requests are encountered. While WAFs are a critical component of your security framework, they also assist you in
complying with the specific administrative safeguards related to HIPAA. During your evaluation, find out the following:
01 Who manages the Web Application Firewall?
02 How does your WAF handle changes made to my website? Do I have to reconfigure the solution myself?
03 What website attack vectors is your WAF blocking?
04 Can your WAF work across my different public cloud hosting providers?
05 How quickly can your WAF be implemented and start protecting my environment?