Problem solve Get help with specific problems with your technologies, process and projects.

Recommendations for security solutions meeting HIPAA requirements

As a member of the IT department for a health services company, I have been researching software applications on...

authentication, encryption, content scanning and password management. Do you have any recommendations as to which products will best meet the HIPAA regulations? I am particularly interested in a product that will be transparent to the end user and, using content scanning, will provide the most protection for my company.

The good news on this is that, with the proper configuration, some of your existing applications and operating systems may already meet some, if not all, of the authentication, encryption and password management requirements of HIPAA. For example, Windows 2000 and above supports solid user authentication, access controls, password management and even the added protection of file system encryption. If your software doesn't support it, and depending on the size of your organization and budget, you may want to look at offerings from RSA, PGP, your software vendor(s), etc. for more in-depth support for what you need. You'll most likely have to implement third-party products for any content scanning you want to do. For this, you should check out the offerings from NetIQ (Marshal), CipherTrust, Tumbleweed, SurfControl, etc.

Keep in mind that there is no small, or even large, set of products you can buy that will make your organization completely HIPAA compliant. It's the policies, procedures and the ongoing maintenance of your technology systems that will put you more in line with privacy/security best practices and the HIPAA regulations. For more on this, see my article entitled HIPAA compliance doesn't come in a box.

For more information on this topic, visit these other SearchSecurity.com resources:
  • News & Analysis: Analyst: HIPAA is a strategic enabler
  • News & Analysis: Provider's HIPAA implementation points out policy strengths, areas of need
  • Scheier's Security Product Round Up: HIPAA compliance: Tools alone aren't enough

  • This was last published in February 2003

    Dig Deeper on HIPAA

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.