As a member of the IT department for a health services company, I have been researching software applications on authentication, encryption, content scanning and password management. Do you have any recommendations as to which products will best meet the HIPAA regulations? I am particularly interested in a product that will be transparent to the end user and, using content scanning, will provide the most protection for my company.
The good news on this is that, with the proper configuration, some of your existing applications and operating systems may already meet some, if not all, of the authentication, encryption and password management requirements of HIPAA. For example, Windows 2000 and above supports solid user authentication, access controls, password management and even the added protection of file system encryption. If your software doesn't support it, and depending on the size of your organization and budget, you may want to look at offerings from RSA, PGP, your software vendor(s), etc. for more in-depth support for what you need. You'll most likely have to implement third-party products for any content scanning you want to do. For this, you should check out the offerings from NetIQ (Marshal), CipherTrust, Tumbleweed, SurfControl, etc.
Keep in mind that there is no small, or even large, set of products you can buy that will make your organization completely HIPAA compliant. It's the policies, procedures and the ongoing maintenance of your technology systems that will put you more in line with privacy/security best practices and the HIPAA regulations. For more on this, see my article entitled "HIPAA compliance doesn't come in a box."