The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation that addresses a broad range of healthcare areas, including health insurance coverage, national standards, breach notifications, pre-tax spending accounts, group health plans, company-owned life insurance policies.
Security Standards for Electronic Health Records
Title II, known as the Administrative Simplification Provisions, mandates the adoption of Federal privacy protections for individually identifiable private health information (aka PHI, e-PHI, or EPHI). It applies to a wide variety of health industry organizations that transmits any health information in electronic form. It includes provisions that adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security measures.
Monitor Relevant Group Membership
Review and keep secured system access to a minimum with Cygna Auditor's group reports that show membership of secured system users and administrators.
Monitor Secured System Permissions
Keeping group membership current is only half the battle – you must ensure that permissions on secured systems stay correct. Cygna Auditor's permissions reports enable you to be sure access is correct.
Real-Time Notification of Unusual Activity
Cygna Auditor's built-in and custom alerting notifies you of unusual activity such as scripted permission changes, or mass file updates typical of ransomware.
Monitor Activity on Secured Systems
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
Examples of Addressed HIPAA Compliance Requirements
Cygna Auditor addresses Administrative Safeguards (164.308), Technical Safeguards (164.312), Policies and procedures and documentation requirements (164.316), and Accounting of disclosures of protected health information (164.528) of the HIPAA Title II Security Rule.
164.308 (a)(1)(i) Security management process
164.308 (a)(1)(ii)(D) Information system activity review
164.308 (a)(3)(ii)(C) Termination procedures
164.308 (a)(4)(ii)(C) Access establishment and modification