<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2849132&amp;fmt=gif">
Request Demo
Solution Brief
Menu
Blog
Go to my account
Request Demo
Get Elisity Free

Health Insurance Portability and Accountability Act

Elisity Cognitive Trust mitigates the threat of ransomware and prevents involuntary disclosure of patient information

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. HIPAA includes a Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishing national standards for protecting certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.

The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within the U.S. Department of Health & Human Services (HHS), the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.

Requirements of the HIPAA Security Rule

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information (e-PHI)
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against anticipated impermissible uses or disclosures that are not allowed by the rule
  • Certify compliance by their workforce

How Elisity Supports HIPAA Compliance

healthcare

Elisity Cognitive Trust integrates with the customer's existing identity and telemetry providers for enhanced real-time continuous identification and inventory of clinical devices (IoMT), IT systems, IoT, users, user groups, and applications in the environment. Identity-based microsegmentation and least privilege access policies enforced at the edge ensure explicit trust of users, devices, and applications accessing e-PHI through continuous identity verification and asset behavior monitoring. Microsegmentation denies lateral movement of malicious network traffic by cyber threats such as ransomware, spyware, wipers, and other malware, blocking network scanning, mapping, and unauthorized access to identity-based microsegments.

Policies are enforced using the health delivery organization's existing switching infrastructure but can use hypervisors if edge computing is unavailable. The architecture also isolates critical clinical systems such as IoMT devices to ensure only specific users and systems can communicate with them using only expected electronic communications protocols.

Get in touch with us about your HIPAA compliance-related project and learn how you can accelerate it with Elisity Cognitive Trust.

Contact Us