Network Security for HIPAA Compliance


Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule establishes a set of standards and implementation specifications designed to protect the confidentiality, integrity and availability of electronic protected health information (ePHI). To comply with the Security Rule, access to systems that store or process ePHI must be controlled and audited.

Xceedium’s Role in HIPAA Security Rule Compliance

Xceedium’s products deliver the essential capabilities needed to establish and prove compliance with HIPAA security mandates. Only Xceedium can deliver:

  • Strong remote access controls, combined with privileged user password management, which are essential for managing the complex permissions needed to support vendor and third-party access to devices and systems

  • Patent-pending LeapFrog Prevention technology that confines users to the systems, applications and resources they are authorized to use, so that a session on one host cannot be used as a stepping stone to another

  • Low total cost of ownership: a single appliance-based solution with comprehensive features, minimizing setup and operational costs

  • The most highly certified solutions, including FIPS 140-2 Level 2, Common Criteria EAL4+ and JITC PKI/CAC certifications

HIPAA Security Rule Compliance Standards

Each standard below is supported by three of the four Xceedium products (Xsuite, GateKeeper, Password Authority and A2A Authority).

Security Management Process 164.308(a)(1) (Risk Management)

Supports the access control and password management activities needed to reduce the risks and vulnerabilities associated with privileged users (system and network administrators, developers and test personnel, and trusted third parties and vendors such as outsourcers) in environments containing ePHI.

Security Management Process 164.308(a)(1) (Information System Activity Review)

Delivers comprehensive record-keeping capabilities that support prompt, regular review of activity, including session keystroke recording, full-screen capture of RDP and VNC sessions, and detailed logging of sessions and password use.

Workforce Security Procedures 164.308(a)(3) (Authorization and/or Supervision)

Supports procedures for authorizing individuals, using role-based access controls, over both systems and devices, as well as the management of sensitive administrative passwords.

Workforce Security Procedures 164.308(a)(3) (Termination)

Allows access rights to be terminated immediately, either manually or automatically (for example, in response to attempts to violate procedures or policies). Because Xsuite eliminates shared administrative passwords, as well as hard-coded passwords within applications and scripts, access controls can be associated with specific individuals (or processes) rather than groups; revoking one identity therefore removes that person’s access without having to rotate a password that others still know.

Information Access Management 164.308(a)(4) (Access Authorization)

Enables the creation and implementation of procedures for requesting, reviewing, approving and terminating access to systems, applications, devices and privileged passwords.

Information Access Management 164.308(a)(4) (Access Establishment)

Supports access controls at multiple levels, including by workstation, for both locally and remotely situated systems. Granular controls can limit access to entire systems or to specific commands within an individual application, system or device.

Security Awareness and Training 164.308(a)(5) (Log-in Monitoring)

Provides comprehensive network monitoring and logging facilities, enabling detailed reporting and analysis of activity. In addition to preventing prohibited access, Xsuite can generate alerts and events that notify administrators of attempts to violate security policies or other suspect behavior.

Security Awareness and Training 164.308(a)(5) (Password Management)

Allows procedures that control both the creation of passwords (including complexity and length requirements) and their frequency of change. Passwords are secured with FIPS 140-2 validated encryption and are protected in storage, in transit and in use.

Security Incident Procedures 164.308(a)(6) (Response and Reporting)

Generates notifications of attempted security policy violations and suspect behavior. Attempts to violate policies can be explicitly prohibited or halted, users can be warned of unauthorized behavior, sessions can be terminated, and individual user accounts can be suspended pending re-authorization. Comprehensive logging and reporting facilities support rapid response to, and investigation of, security incidents.

Access Control 164.312(a)(1) (Unique User Identification)

Supports the creation of unique user identifications. Because Xsuite eliminates the need for shared accounts and passwords on administrative systems and other resources, specific individuals, and the activities they undertake, can be identified reliably.

Audit Controls 164.312(b)

Provides the monitoring and logging facilities this standard requires for recording and examining activity in systems that contain or use ePHI, enabling detailed reporting and analysis. In addition to preventing prohibited access, Xsuite can generate security alerts and events that notify administrators of attempts to violate policies or other suspect behavior.

Person or Entity Authentication 164.312(d)

For individuals, second-factor tokens or certificates on smart cards, alone or in combination with LDAP/AD repositories, provide strong authentication. For applications, attributes such as physical storage location, execution location, real user IDs, machine fingerprints, software integrity and unique decryption keys provide strong authentication of these resources and processes.
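The application-side checks described above (storage location, execution identity, software integrity), as an added example that is not Xceedium’s code: a small Python credential broker that releases a stored secret only when the requesting application’s path, real uid and binary hash all match a registered fingerprint, and logs every decision for audit. The broker class, the fingerprint fields and the sample application file are assumptions for illustration.

```python
"""Attribute-based application authentication for a credential broker.

Added example, not Xceedium code: an application (rather than a person) is
authenticated by attributes such as its on-disk location, the integrity hash
of its binary and the real user id it runs as, before a stored credential is
released to it. Names, registry layout and sample data are assumptions.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AppFingerprint:
    """Attributes registered for one authorized application (assumed fields)."""
    path: str      # where the binary must live (storage location)
    sha256: str    # integrity hash of the binary
    uid: int       # real user id the process must run as


def sha256_of_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class CredentialBroker:
    """Releases a credential only to callers whose attributes match a
    registered fingerprint; every allow/deny decision is appended to audit_log."""

    def __init__(self) -> None:
        self._registry: Dict[str, AppFingerprint] = {}  # app name -> fingerprint
        self._vault: Dict[str, str] = {}                # app name -> credential
        self.audit_log: List[str] = []

    def register(self, name: str, fp: AppFingerprint, credential: str) -> None:
        self._registry[name] = fp
        self._vault[name] = credential

    def request(self, name: str, path: str, uid: int) -> Optional[str]:
        fp = self._registry.get(name)
        if fp is None:
            self.audit_log.append(f"DENY {name}: not registered")
            return None
        # Check every attribute; the binary is re-hashed at request time so a
        # modified or substituted executable is refused even at the right path.
        checks = {
            "path": os.path.realpath(path) == os.path.realpath(fp.path),
            "uid": uid == fp.uid,
            "integrity": os.path.isfile(path) and sha256_of_file(path) == fp.sha256,
        }
        failed = [k for k, ok in checks.items() if not ok]
        if failed:
            self.audit_log.append(f"DENY {name}: failed {','.join(failed)}")
            return None
        self.audit_log.append(f"ALLOW {name}: credential released")
        return self._vault[name]


def demo() -> Dict[str, object]:
    """Constructed scenario: a valid request, a wrong uid, then a tampered binary."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "batch-loader")
        with open(app, "wb") as f:
            f.write(b"#!/bin/sh\necho load\n")  # stands in for the application binary
        broker = CredentialBroker()
        broker.register("batch-loader",
                        AppFingerprint(app, sha256_of_file(app), uid=1001),
                        credential="db-service-password")
        ok = broker.request("batch-loader", app, uid=1001)
        wrong_uid = broker.request("batch-loader", app, uid=0)
        with open(app, "ab") as f:
            f.write(b"# injected line\n")  # tamper with the binary after registration
        tampered = broker.request("batch-loader", app, uid=1001)
        return {"ok": ok, "wrong_uid": wrong_uid, "tampered": tampered,
                "log": list(broker.audit_log)}


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

The point of re-hashing at request time rather than trusting the registered hash is that a replaced or appended-to binary at the expected path is refused, which is what "software integrity" buys over a path check alone.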
