Q

Recommendations for security solutions meeting HIPAA requirements

As a member of the IT department for a health services company, I have been researching software applications on authentication, encryption, content scanning and password management. Do you have any recommendations as to which products will best meet the HIPAA regulations? I am particularly interested in a product that will be transparent to the end user and, using content scanning, will provide the most protection for my company.

The good news on this is that, with the proper configuration, some of your existing applications and operating systems may already meet some, if not all, of the authentication, encryption and password management requirements of HIPAA. For example, Windows 2000 and above supports solid user authentication, access controls, password management and even the added protection of file system encryption. If your software doesn't support it, and depending on the size of your organization and budget, you may want to look at offerings from RSA, PGP, your software vendor(s), etc. for more in-depth support for what you need. You'll most likely have to implement third-party products for any content scanning you want to do. For this, you should check out the offerings from NetIQ (Marshal), CipherTrust, Tumbleweed, SurfControl, etc.

Keep in mind that there is no small, or even large, set of products you can buy that will make your organization completely HIPAA compliant. It's the policies, procedures and the ongoing maintenance of your technology systems that will put you more in line with privacy/security best practices and the HIPAA regulations. For more on this, see my article entitled HIPAA compliance doesn't come in a box.


For more information on this topic, visit these other SearchSecurity.com resources:
  • News & Analysis: Analyst: HIPAA is a strategic enabler
  • News & Analysis: Provider's HIPAA implementation points out policy strengths, areas of need
  • Scheier's Security Product Round Up: HIPAA compliance: Tools alone aren't enough


  • This was first published in February 2003

    Dig deeper on HIPAA

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close