Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 800 443 6694
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

HIPAA

HIPAA Compliance Auditing & Reporting

Segment: Health Care / Insurance Industry

 
icon-selected-opt
     

HIPAA is an acronym for Health Insurance Portability and Accountability Act of 1996. It is a federal law that has been amended to the Internal Revenue Code of 1996. It was designed to improve portability and continuity of health insurance coverage in the group and individual markets.

Title–I HIPAA Compliance - HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.

Title-II HIPAA Compliance - The Administrative Simplification (AS) provisions requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.

Omnibus HIPAA Rulemaking (2013)

HIPAA / HITECH Omnibus Final Rule went into effect in late March 2013, with a 180-day safe compliance period that recently ended on September 23, 2013. The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law. The HIPAA Privacy and Security Rules have focused on health care providers, health plans and other entities that process health insurance claims. The changes announced today expand many of the requirements to business associates of these entities that receive protected health information, such as contractors and subcontractors.

In Short:

  1. Implement or Update Security Policies and Procedures.
  2. Enter Into or Update Business Associate Agreements.
  3. Update or Implement Privacy Policies and Procedures.
  4. Update HIPAA Privacy Notices.
  5. Conduct HIPAA Compliance Training.

Part 164 - Security and Privacy

Note: Click on the below Section Number to view the various ADAudit Plus audit reports that will help satisfy the particular clause.

Section Number Description Reports
164.308 (a) (3) (ii) (a) Implement procedures for the authorization and / or supervision of workforce members who work with electronic protected health information or in location where it might be accessed.
  1. Successful AD Authentication
  2. Failed AD Authentication
  3. Server Logon Activity
164.308 (a) (1) (ii) (d) / 164.312 (b)

Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

System Activity:
  1. Logon
  2. Audit Logs
  3. File Changes
  4. File Deleted
  5. File Creation
  6. File Access
164.308 (a) (4) / 164.308 (a) (1) Implement policies and procedures to prevent, detect, contain, and correct security violations. (Unauthorized changes). Object Changes in AD & GPO / File Servers
164.308 (a) (5) (ii) (c) Procedures for monitoring log-in attempts and reporting discrepancies.
  1. Successful Logon / Logoff
  2. Unsuccesful Logon
  3. Terminal Service Logon
164.308 (a) (4) (c) Implement policies and procedures that, based upon the entity's access authorization policies, establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process.
  1. GPO Changes
  2. User Rights / Security Options Changes
  3. User Management (Attribute Changes)

Audit Reports from ADAudit Plus

A broader look at the various audit reports in ADAudit Plus, which more than satisfies a particular category needs. The many reports in every category ensures a thorough monitoring and reporting / alerting from every angle. Add to it custom reporting, profile based reporting for easy access.

Sample Compliance Audit Reports

adaudit-plus-dashboard-thumb
Dashboard View
adaudit-plus-audit-reports-thumb
Audit Reports

Compliance Reports

File Audit Reports

164.308 (a) (3) (ii) (a)

Successful AD Authentication | Failed AD Authentication | Server Logon Activity

Logon Failures | Logon Failures based on users | Failures due to Bad Password | Failures due to Bad User Name | Logon Activity based on DC | Logon Activity based on IP Address | Domain Controller Logon Activity | Member Server Logon Activity | Workstation Logon Activity | User Logon Activity | Recent User Logon Activity | Last Logon on Workstations | User's Last Logon | Users logged into multiple computers

Currently Logged On Users | Logon Duration | Local Logon Failures | Logon History | Terminal Services Activity | Users Logon Duration on Computers | Interactive Logon Failure | Terminated Users Session | RADIUS Logon Failures (NPS) | RADIUS Logon History (NPS)

164.308 (a) (1) (ii) (d) / 164.312 (b)

All File or Folder Changes | Files Created | Files Modified | Files Deleted | Successful File Read Access | Failed attempt to Read File | Failed attempt to Write File | Failed attempt to Delete File | Folder Permission Changes | Folder Audit Setting Changes (SACL) | Files Moved (or) Renamed | Changes based on Users | Changes based on Servers | Files Copy-N-Pasted

164.308 (a) (4) / 164.308 (a) (1)

Object Changes in AD

All AD Changes | All AD Changes By User | All AD Changes on DCs | User Management | Group Management | Computer Management | OU Management | GPO Management | Administrative User Actions

164.308 (a) (5) (ii) (c)

Successful Logon / Logoff | Unsuccessful Logon | Terminal Service Logon

Currently Logged On Users | Logon Duration | Local Logon Failures | Logon History | Terminal Services Activity | Users Logon Duration on Computers | Interactive Logon Failure | Terminated Users Session | RADIUS Logon Failures (NPS) | RADIUS Logon History (NPS)

164.308 (a) (4) (c)

User Rights / Security Options Changes | Local Audit Policy Changes

User Permission Changes | Domain Level Permission Changes | Group Policy Settings Changes | Computer Configuration Changes | User Configuration Changes | Password Policy Changes | Account Lockout Policy Changes | Security Settings Changes | Administrative Template Changes | User Rights Assignment Changes | Windows Settings Changes | Group Policy Permission Changes | Group Policy Preferences Changes | Group Policy Settings History | Extended Attribute Changes | Domain Object Changes: Domain Policy Changes | Changes to Domain DNS Object | Domain Level Permission Changes

Local Policy Changes (Server Audit Reports)

Summary Report | Process Tracking | Policy Changes | System Events | Object Management | Scheduled Task

A Few of the Other Pre-Configured Compliance Reports

SOX Compliance Reports

Recent User Logon Activity | Logon Failures | Terminal Services Activity | Logon Duration | Domain Policy Changes | Logon History | User Management | Group Management | Computer Management | OU Management | GPO Management | Administrative User Actions | All File or Folder Changes

PCI-DSS Compliance Reports

Recent User Logon Activity | Logon Failures | Terminal Services Activity | Logon History | Administrative User Actions | All File or Folder Changes | RADIUS Logon History (NPS) | Successful File Read Access | Folder Permission Changes | Folder Audit Setting Changes

GLBA Compliance Reports

Folder Audit Setting Changes | Folder Permission Changes | Successful File Read Access | All File or Folder Changes | GPO Management | User Management | Group Management | Domain Policy Changes | Logon Duration | Local Logon Failures | Terminal Services Activity

FISMA Compliance Reports

Terminal Services Activity | Local Logon Failures | Logon History | Group Management | User Management | Administrative User Actions | Computer Management | OU Management | All File or Folder Changes | Failed attempt to Write File | Failed attempt to Delete File

  •  
    ADAudit Plus has helped us meet certain SOX and PCI compliance requirements. Liking the automated monthly reports for SOX, ease of use, implementation and very cost effective solution.
     
     
    Jeffrey O'Donnell
    Director of IT,
    Uncle Bob’s Self Storage
  •  
    We finalized on ManageEngine ADAudit Plus, primarily for our SOX Audit reports and I think the tool, with its easy to comprehend output is very cool and the highly competitive pricing helped grab our attention.
     
     
    Andreas Ederer
    Cosma International
  •  
    We are an emergency healthcare provider. We see the software as good risk avoidance with some good risk management practices and help us meet HIPAA compliance. We chose ADAudit Plus, which works 24/7/365 like us.
     
     
    JT Mason
    Director of IT
    California Transplant Donor Network (CTDN)
  •  
    We evaluated different software; ADAudit Plus is extremely easy to deploy and a cost-effective solution that helped us pass several industry related security audits, in-depth PEN audit test and meet HIPAA security guidelines.
     
     
    Renee Davis
    CIO
    Life Management Center
  •  
    We are a not for profit organization and had to satisfy HIPAA requirements, we chose ADAudit Plus which helped us to see what changes were made and who made them in our AD.
     
     
    CMenendez
    Manager of Network Operations
    Kendal
  •  
    ADAudit Plus was the simplest and most relevant from the several products we trialed to monitor user logon failures, account cleaning, to keep a check on malicious activities and meet PCI-DSS compliance.
     
     
    Bernie Camus
    IT Manager
    Iglu.com

Active Directory Auditing and Reporting trusted by

A single pane of glass for complete Active Directory Auditing and Reporting