By James D. Brown, CTO, StillSecure


If you deal with Electronic Protected Health Information (EPHI), you’re only too aware of the Health Insurance Portability and Accountability Act of 1996, and its more recent cousin, Health Information Technology for Economic and Clinical Health Act (HITECH), enacted in 2009.

You’re probably also aware that together, both of these regulations generate a lot of trepidation from the standpoint of how to comply, as well as the costs of non-compliance, including steep fines and the potentially irreparable bad press associated with the breach reporting requirements of HITECH.

While it’s been several years since HITECH was issued, too many companies, new and old alike, still don’t have their arms around what each involves. Complying with HIPAA regulations can be tricky because they’re written from a legal standpoint, not a technical one. When you’re establishing business processes, that’s generally straightforward. But when you’re trying to pick the technologies necessary to protect your environment, it can be very tricky to determine what constitutes compliance and what doesn’t. Too little, and you might be considered negligent after a breach. Too much, and you end up overspending and your CXOs aren’t happy.

From a business perspective, you want to do just what’s necessary: you don’t win points for spending time and money unnecessarily. There’s a lot involved on the technology front. First, a company must map out its technology set, and then comes the hard part: putting the pieces together so they work properly, configuring them, and monitoring them 24×7. Oh, and I didn’t mention that you have to keep audit logs of all your configuration changes, demonstrate to an auditor (or an investigator) that you’ve got processes around managing them all, and revisit them regularly to ensure continued compliance. Who needs those headaches?

StillSecure’s HIPAA Essential packages 8 different managed security services and the HIPAA-compliant processes necessary to create a solution that helps you meet 18 separate HIPAA and HITECH regulations. It’s audited by Coalfire, a well-known, highly respected independent auditing and compliance company, and it’s built from the ground up to make a compelling case to your own auditor that you’re meeting your HIPAA/HITECH regulations in those 18 areas. That saves you money during your audit.

StillSecure will deploy, configure, and operate a firewall, an intrusion detection and prevention system (IDPS), a virtual private network (VPN), multi-factor authentication, log management, file integrity monitoring, vulnerability scanning, and a Web application firewall. With HIPAA Essential, we cut through the ambiguities to show you exactly where we come in to provide technical relief, help you understand the areas you’re still on the hook for, and provide twice-yearly reviews of your vulnerabilities, configuration, and security events. You can also access any of this information from anywhere on the Web at any time, thanks to our RADAR™ customer portal.

Because the technologies and processes are shared across a large number of customers, you take advantage of economies of scale and pay a lot less than you would to purchase point solutions separately, integrate them, and manage them yourself: orders of magnitude less.

That’s a pill that’s easy to swallow.
