Solution Brief: Security and Compliance Solutions for HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations that protect the privacy and security of certain health information. To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, formally the Standards for Privacy of Individually Identifiable Health Information, establishes standards for privacy controls over health information, termed protected health information (PHI). The Security Rule establishes standards for security controls over electronic PHI (ePHI), and because most ePHI lives in databases, it bears directly on database security in the enterprise. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 added incentives designed to speed the adoption of electronic health record systems among providers, and it strengthened the original HIPAA Security Rule with new breach notification and enforcement requirements.

In 2013, an additional set of HIPAA-related requirements, the Omnibus Rule, took effect to further strengthen the HIPAA and HITECH controls. The biggest change the Omnibus Rule brought to information privacy and security is that business associates and their subcontractors must now meet the HIPAA and HITECH requirements just as a traditional "covered entity" does. The Omnibus Rule also increased the civil penalties for non-compliance. To define the proper HIPAA requirements baselines, audit database object and data changes, and report database privacy and security findings to auditors and regulators, one must be able to answer the following questions:

  1. Who has access to my electronic PHI, and how do I audit that activity?

  2. How do I define a secure baseline and maintain it across my SQL Server environment?

  3. How can I implement repeatable processes that help maintain the security standards?

  4. How do I audit permissions, logins, and object and data changes on my SQL Server?

  5. What is the best way to ensure not only ongoing compliance with the HIPAA, HITECH, and Omnibus Rule regulations but also reasonable security across my SQL Server databases?

This solution brief discusses how SQL Secure and SQL Compliance Manager address these requirements.
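Questions 1 and 4 can also be answered with features built into SQL Server itself, which is useful both as a baseline and as a cross-check on any third-party tool. The following is an added example written for this page, not code from IDERA, SQL Secure or SQL Compliance Manager: it configures SQL Server Audit to record logins, permission and role changes, schema changes, and every read or write of a hypothetical PHI table, then inventories who holds permissions on that table and reads the audit trail back. The database name ClinicalDB, the table dbo.PatientRecord and the file path D:\SQLAudit\ are assumptions.

```sql
-- Added example, not from the brief. ClinicalDB, dbo.PatientRecord and
-- D:\SQLAudit\ are assumed names; substitute your own.
USE master;
GO

-- 1. Audit target. ON_FAILURE = SHUTDOWN fails closed: if the audit cannot
--    write, the instance stops rather than processing PHI unaudited.
CREATE SERVER AUDIT Audit_PHI
    TO FILE (FILEPATH = 'D:\SQLAudit\', MAXSIZE = 256 MB, MAX_ROLLOVER_FILES = 50)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = SHUTDOWN);
GO
ALTER SERVER AUDIT Audit_PHI WITH (STATE = ON);
GO

-- 2. Server-level specification: logins (success and failure), login and
--    server-role changes, server permission grants, and changes to the
--    audit configuration itself (so tampering with the audit is audited).
CREATE SERVER AUDIT SPECIFICATION AuditSpec_PHI_Server
FOR SERVER AUDIT Audit_PHI
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO

USE ClinicalDB;   -- assumed database holding ePHI
GO

-- 3. Database-level specification: every SELECT/INSERT/UPDATE/DELETE against
--    the PHI table by any principal (BY public covers everyone), plus schema,
--    permission and role-membership changes in the database.
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_PHI_Db
FOR SERVER AUDIT Audit_PHI
    ADD (SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.PatientRecord BY public),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_OBJECT_PERMISSION_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 4. Who has access to the PHI table? Explicit grants/denies on the object...
SELECT dp.name AS principal_name, dp.type_desc AS principal_type,
       p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS dp
  ON dp.principal_id = p.grantee_principal_id
WHERE p.class = 1                                   -- 1 = object or column
  AND p.major_id = OBJECT_ID('dbo.PatientRecord')
ORDER BY dp.name, p.permission_name;

-- ...and role membership, because a grant to a role reaches every member.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc AS member_type
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- 5. Read the audit trail back: who touched the PHI table, when, and with
--    what statement. The wildcard matches all rollover files for this audit.
SELECT event_time, action_id, succeeded,
       server_principal_name, database_name, object_name, statement
FROM sys.fn_get_audit_file('D:\SQLAudit\Audit_PHI*.sqlaudit', DEFAULT, DEFAULT)
WHERE object_name = 'PatientRecord'
ORDER BY event_time DESC;
```

Two practical notes. The fail-closed choice (ON_FAILURE = SHUTDOWN) is the conservative reading of the Security Rule's audit-control requirement, but it turns an audit disk-full condition into an outage, so monitor the audit volume and size MAXSIZE and MAX_ROLLOVER_FILES to your retention period; FAIL_OPERATION is the middle ground that blocks only audited actions. The permission queries above are a snapshot, not a baseline: store their output and diff it on a schedule, which is the repeatable process question 3 asks for, and which is also what the audit groups for permission and role changes will alert you to between snapshots.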

Presenter: IDERA
Register to read the full solution brief.