IT HIPAA Compliance

Like all healthcare provider organizations, the company needed to find technologies and methodologies to comply with IT security requirements of HIPAA. The company licensed Policy Commander® to assist with HIPAA compliance through automated security configuration management.

Published in: Technology

  1. Case Study

Situation: Like all healthcare provider organizations, the company needed to find technologies and methodologies to comply with IT security requirements of HIPAA.

Solution: The company licensed Policy Commander® to assist with HIPAA compliance through automated security configuration management.

Quote: “Policy Commander gives us an incredible level of control over the security state of Windows systems used by our remote and internal staff. With Policy Commander, we’ve been able to establish a self-monitoring and self-correcting security environment that often exceeds the HIPAA requirements.”

As a healthcare provider, our customer needed to find ways to comply with the IT security provisions of the Healthcare Information Portability and Accountability Act (HIPAA). The company selected Policy Commander® from New Boundary Technologies to manage its Windows security configurations and automate compliance.

Background: With an eye toward meeting HIPAA data security requirements, the company evaluated its IT operations and environment to find the right technologies and processes that would help them succeed. By leveraging the automated enforcement functionality of Policy Commander, the company created a sustainable compliance environment that requires minimal administrator intervention.

Challenge: Because securing electronic patient health information (EPHI) is a key component of HIPAA compliance, the company needed to find ways to secure all Windows systems that could access that information. This task was complicated by the fact that the organization has users across the country that require remote access to the network. In order to make those systems HIPAA compliant, the company decided to utilize the growing practice of security configuration management.

Environment: The organization has a widely distributed network environment that encompasses a central office and hundreds of remote offices across the U.S. This includes approximately 600 remote users that use virtual private networks to connect with the main corporate network. In addition, the company has dozens of nodes within their corporate network that need to be locked down since they contain or have access to EPHI.

Solution: To achieve HIPAA Security Rule compliance, the company first set out to convert the broad HIPAA IT security requirements into specific organizational rules and policies. New Boundary Technologies made this much easier by providing a HIPAA security configuration guide and HIPAA security policy library. The customer’s IT department then translated those requirements, leveraging the HIPAA security policy library, into enforceable Windows security policies that create secure Windows configurations.

Result: The company is currently using Policy Commander to achieve compliance on hundreds of remote systems and 80 internal systems. According to their IT department, Policy Commander gives them the flexibility they need to manage security configurations to their exact specifications.

  2. “One of the more important aspects of Policy Commander is the visibility it gives us into the configuration states of the Windows systems in our environment. That combined with the ability to force compliance with the automated policy enforcement feature gives us an unprecedented level of control that we really need for HIPAA compliance.”

According to the customer, becoming HIPAA compliant involved some major changes in their network and desktop administration. “One of the first items on our HIPAA compliance agenda was to get users to their appropriate level of user rights. That meant taking away administrative rights to all users. But with HIPAA as a driving factor, IT needs a high level of control over the computers we support, and that’s what Policy Commander gives us.”

Another key feature that the customer touts is the Policy Editor. “We really like having the ability to create our own policies and customize the NIST and NSA security policies to fit our environment. If you define and architect your policies well to begin with, you can basically set up your environment and forget You don’t have to worry about computers drifting out of compliance or users making unauthorized changes that can affect the outcome of an audit.”

The company’s IT administrators also appreciate the level of integration between Policy Commander and Active Directory. “One of the great things about Policy Commander is that it pulls the Active Directory structure just the way it is. Setting up the Active Directory in Policy Commander is really fast and easy. I don’t need to modify it in any way. I just import it and use it.”

In addition to using Policy Commander to support compliance efforts, the company also uses Prism Suite™ to distribute software applications to remote users. The company says there are some key advantages to using both Policy Commander and Prism Suite. “We like that Prism Suite and Policy Commander have a common client, and the two products working in tandem give us a really powerful but easy to use configuration management solution.”

NOTE: This case study is based on information provided by a current New Boundary Technologies® customer that licenses Policy Commander® and Prism Suite™. By request of the customer, we have not identified the

New Boundary Technologies®
1300 Godward Street NE, Suite 3100
Minneapolis, MN 55413
Tel. 612.379.3805 / Toll-free 800.747.4487
Fax

Prism Suite is a trademark and Policy Commander is a registered trademark of New Boundary Technologies, Inc. All other brands and product names are trademarks or registered trademarks of their respective companies.
© 2007 New Boundary Technologies, Inc. All rights reserved.