Ask the Expert

Recommendations for security solutions meeting HIPAA requirements

As a member of the IT department for a health services company, I have been researching software applications on authentication, encryption, content scanning and password management. Do you have any recommendations as to which products will best meet the HIPAA regulations? I am particularly interested in a product that will be transparent to the end user and, using content scanning, will provide the most protection for my company.

    Requires Free Membership to View

The good news on this is that, with the proper configuration, some of your existing applications and operating systems may already meet some, if not all, of the authentication, encryption and password management requirements of HIPAA. For example, Windows 2000 and above supports solid user authentication, access controls, password management and even the added protection of file system encryption. If your software doesn't support it, and depending on the size of your organization and budget, you may want to look at offerings from RSA, PGP, your software vendor(s), etc. for more in-depth support for what you need. You'll most likely have to implement third-party products for any content scanning you want to do. For this, you should check out the offerings from NetIQ (Marshal), CipherTrust, Tumbleweed, SurfControl, etc.

Keep in mind that there is no small, or even large, set of products you can buy that will make your organization completely HIPAA compliant. It's the policies, procedures and the ongoing maintenance of your technology systems that will put you more in line with privacy/security best practices and the HIPAA regulations. For more on this, see my article entitled HIPAA compliance doesn't come in a box.

For more information on this topic, visit these other resources:
  • News & Analysis: Analyst: HIPAA is a strategic enabler
  • News & Analysis: Provider's HIPAA implementation points out policy strengths, areas of need
  • Scheier's Security Product Round Up: HIPAA compliance: Tools alone aren't enough

    This was first published in February 2003

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: