The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. HIPAA includes a Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishing national standards for protecting certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.
The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within the U.S. Department of Health & Human Services (HHS), the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
Elisity Cognitive Trust integrates with the customer's existing identity and telemetry providers for enhanced real-time, continuous identification and inventory of clinical devices (IoMT), IT systems, IoT, users, user groups, and applications in the environment. Identity-based microsegmentation and least-privilege access policies enforced at the edge ensure explicit trust of users, devices, and applications accessing e-PHI through continuous identity verification and asset behavior monitoring. Microsegmentation denies lateral movement of malicious network traffic from cyber threats such as ransomware, spyware, wipers, and other malware, blocking network scanning, mapping, and unauthorized access to identity-based microsegments.
Policies are enforced using the health delivery organization's existing switching infrastructure, or using hypervisors if edge computing is unavailable. The architecture also isolates critical clinical systems such as IoMT devices so that only specific users and systems can communicate with them, and only over expected electronic communications protocols.
Get in touch with us about your HIPAA compliance-related project and learn how you can accelerate it with Elisity Cognitive Trust.