Is your organization adequately meeting the rules and regulations set forth in the Accountability Act of 1996 (HIPAA)? Learn how LogRhythm’s comprehensive log management and analysis solution can help your organization meet or exceed HIPAA regulatory requirements.
LogRhythm and HIPAA Compliance The Department of Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to ensure that personal information stored, accessed, or processed adheres to a set of guidelines or "security rules". These rules outline security measures that should be implemented to adequately secure all electronic protected health information (EPHI). The Secretary of Health and Human Services enforces this law. Non-compliance can lead to civil monetary penalties and public distrust. The collection, management, and analysis of log data is integral to meeting many HIPAA requirements. The use of LogRhythm directly meets some requirements and decreases the cost of complying with others. IT environments consist of heterogeneous devices, systems, and applications all reporting log data. Millions of individual log entries can be generated daily if not hourly. The task of organizing this information can be overwhelming in itself. The additional requirements of analyzing and reporting on log data render manual processes or homegrown remedies inadequate and costly. LogRhythm can help. Log collection, archive, and recovery is fully automated across the entire IT infrastructure. LogRhythm automatically performs the first level of log analysis. Log data is categorized, identified, and normalized for easy analysis and reporting. LogRhythm's powerful alerting capability automatically identifies the most critical issues and notifies relevant personnel. With the click of a mouse, LogRhythm's out-of-the box HIPAA reporting packages ensure you meet your reporting requirements. LogRhythm Report Center Screenshot The National Institute of Standards and Technology (NIST) Special Publication 800-66 provides guidance for meeting HIPAA Standards. The remainder of this paper lists the applicable standards LogRhythm can help address. For each standard, an explanation of how LogRhythm supports compliance is provided. Learn how LogRhythm's comprehensive log management and analysis solution can help your organization meet or exceed HIPAA regulatory requirements.
Copyright 2008 LogRhythm, Inc. All Rights Reserved Page 1 of 6 LogRhythm Compliance Support for HIPAA
The table below outlines each HIPAA Standard and associated Security Rule that LogRhythm helps to address. The "Compliance Requirements" were
taken directly from NIST Special Publication 800-66 titled "An Introductory Resource Guide for Implementing the HIPAA Security Rule". These columns
briefly describe the "key activities" and "descriptions" that are necessary to reach compliance. The "How LogRhythm Supports Compliance" column
describes the capabilities LogRhythm provides that help a company achieve compliance. In some cases LogRhythm can be used to directly meet the
compliance requirement, in others, LogRhythm helps verify the compliance requirement is met and/or reduces the cost of meeting the requirement.
Administrative Safeguards
AS 4.1 Security Management Process § 164.308(a)(1)
HIPAA Standard: Implement policies and procedures to prevent, detect, contain, and correct security violations.
Compliance Requirement
How LogRhythm Supports Compliance
LogRhythm provides centralized monitoring, analysis, and reporting of audit activity
across the entire IT infrastructure. LogRhythm automates the process of identifying
high-risk activity and prioritizes based on asset risk. High-risk activity can be monitored
in real-time or alerted on. LogRhythm reports provide easy and standard review of
inappropriate, unusual, and suspicious activity.
7. Develop and .
Deploy the
Implement procedures to regularly review records
Information
of information system activity, such as audit logs, Example Reports:
System Activity
access reports, and security incident tracking
. Audit Failures by User
Review
reports.
. Audit Failures by Host
Process
. Suspicious Activity by User
. Suspicious Activity by Host
. Top Suspicious Users
. Top Targeted Hosts
. Top Targeted Applications
LogRhythm collects and analyzes log data from operating systems, applications, and
