To Protect and Comply
Alert Logic for HIPAA Compliance

As the healthcare industry increases its use of electronic health records (EHR), protecting the confidentiality, integrity, and availability of this data becomes crucial.

The truth about the healthcare industry:

  • Protected health information (PHI) is 50 times more valuable on the black market than other personally identifiable information (PII).
  • At the same time, healthcare security systems are lagging other market sectors, putting healthcare firms at greater risk.
  • HIPAA compliance is a requirement for all covered entities and business associates in healthcare.
  • Penalties for non-compliance are steep, and the number of violation complaints is at an all-time high, but the cost of a breach is even higher.

Alert Logic provides a HIPAA compliance and security solution suite for covered entities and business associates in healthcare. The solution comprises:

  • Alert Logic ActiveWatch provides 24×7 security monitoring, expert analysis, and guidance on security events and incidents. This service increases threat detection accuracy, reduces false positives, and allows scarce IT resources to stay focused on business-critical projects. Everything is managed from Alert Logic’s state-of-the-art, 24×7 Security Operations Center (SOC), staffed by security professionals with Global Information Assurance Certification (GIAC) from the SANS Institute.
  • Alert Logic Web Security Manager: Proactive defense against web application attacks, providing immediate protection against zero-day attacks that signatures cannot detect. It is backed by the 24×7 Security Operations Center, which monitors all activity and handles ongoing WAF tuning to optimize protection, removing the biggest challenge of WAF utilization.
  • Alert Logic Log Manager: Effective log review and forensic analysis; collect, normalize, search, and report on log data from your entire infrastructure. Certified analysts act as an extension of your team, reviewing your data daily and alerting you to suspicious activity.
  • Alert Logic Threat Manager: Detects and prevents network intrusions, identifies vulnerabilities and misconfigurations, and automates security analysis with pre-built alerts and reports for key compliance mandates; backed by security experts who provide detailed remediation guidance as incidents are encountered.

Together, this solution suite provides the most advanced and cost-effective means to secure entire networks (both cloud and on-premises) and achieve compliance with HIPAA, HITECH and Meaningful Use mandates.

Alert Logic is a Critical Component

“Alert Logic solutions are a critical component in our overall security strategy for Methodist Health System. Protecting patient data is our number one priority and Alert Logic helps us do just that.”

The Alert Logic Difference

Alert Logic HIPAA Coverage

Administrative Safeguards

| HIPAA Rule | Implementation Specs | Alert Logic Coverage |
| --- | --- | --- |
| 164.308 (a) (1) Security Mgmt Process | Risk Analysis; Risk Management; Sanction Policy; Info. system activity review | YES: Threat Manager, Web Security Manager, ActiveWatch |
| 164.308 (a) (2) Assigned Security Responsibility | No implementation specifics provided in rule | |
| 164.308 (a) (3) Workforce Security | Authorization/supervision; Workforce clearance procedure; Termination procedures | YES: Log Manager, Log Review |
| 164.308 (a) (4) Information Access Management | Isolating health care clearinghouse functions; Access authorization; Access establishment and modification | YES: Log Manager, Log Review |
| 164.308 (a) (5) Security Awareness and Training | Protection from malicious software; Log-in monitoring; Password management | YES: Threat Manager, Web Security Manager, ActiveWatch, Log Manager, Log Review |
| 164.308 (a) (6) Security Incident Procedures | Response & Reporting | YES: Threat Manager, Web Security Manager, ActiveWatch |
| 164.308 (a) (7) Contingency Plan | Data backup plan; Disaster recovery plan; Emergency mode operation plan; Testing and revision procedures; Applications and data criticality analysis | YES: Log Manager, Log Review |

Physical Safeguards

| HIPAA Rule | Implementation Specs | Alert Logic Coverage |
| --- | --- | --- |
| 164.310 (a) Facility access controls | Contingency operations; Facility security plan; Access control and validation procedures; Maintenance records | YES: Log Manager, Log Review |
| 164.310 (b) Workstation Use | No implementation specifics provided in rule | |
| 164.310 (c) Workstation security | No implementation specifics provided in rule | |
| 164.310 (d) Device and media controls | Data backup and storage | YES: Log Manager, Log Review |

Technical Safeguards

| HIPAA Rule | Implementation Specs | Alert Logic Coverage |
| --- | --- | --- |
| 164.312 (a) (1) Access control | Unique user identification | YES: Log Manager, Log Review |
| 164.312 (a) (1) Access control | Encryption and decryption | YES: Log Manager, Log Review |
| 164.312 (b) Audit controls | No implementation specifics provided in rule | |
| 164.312 (c) Integrity | Mechanism to authenticate electronic PHI | YES: Log Manager, Log Review |
| 164.312 (d) Person or entity authentication | No implementation specifics provided in rule | |
| 164.312 (e) Transmission security | Encryption | YES: Log Manager, Log Review |

© 2010-2014