Safeguard ePHI with Confidence: Endpoint Central for HIPAA

Conduct an accurate and thorough assessment of risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI (§ 164.308(a)(1)(ii)(A))

Built-in vulnerability assessment and security misconfiguration detection provide continuous visibility into risks across Windows, macOS, and Linux endpoints. Reports cover patch status, firewall settings, encryption status, antivirus protection, and high-risk software.

Implement security measures to reduce risks and vulnerabilities to a reasonable level (§ 164.308(a)(1)(ii)(B))

Automated Patch Deployment remediates missing patches across operating systems and third-party applications. USB device control, firewall configurations, prohibited software policies, and browser security further reduce the attack surface.

Regularly review records of information system activity, including audit logs and incident tracking (§ 164.308(a)(1)(ii)(D))

Reporting on user logon activity, USB usage, software changes, antivirus updates, firewall status, and encryption compliance enables periodic system reviews. SIEM integrations support centralized monitoring and correlation.

Authorize and supervise workforce members who work with ePHI (§ 164.308(a)(3)(ii)(A))

Granular file, folder, and registry permission management ensures users access only the ePHI required for their role. User logon tracking supports workforce supervision.

Implement procedures to determine that the access of a workforce member to ePHI is appropriate (§ 164.308(a)(3)(ii)(B))

Permissions granted to users and groups are managed centrally and auditable from the console. Periodic review of logon reports surfaces inactive accounts and inappropriate access, supporting workforce clearance procedures.

Implement policies and procedures for granting access to ePHI through workstations, transactions, programs, processes, or other mechanisms (§ 164.308(a)(4)(ii)(B))

Group Management enables administrators to add, remove, or modify user policies and groups securing access to ePHI. Drive-mapping permissions, application control, and conditional-access policies tighten access at the resource level.

Security reminders: Periodic security updates (§ 164.308(a)(5)(ii)(A))

Automated Patch Deployment, antivirus definition updates, and driver updates keep every managed endpoint current. The DPO/compliance dashboard surfaces drift in real time.

Procedures for guarding against, detecting, and reporting malicious software (§ 164.308(a)(5)(ii)(B))

The built-in next-generation antivirus engine detects malware in real time using AI-assisted behaviour analytics and deep learning. Prohibited-software policies and executable blocking close additional vectors. Endpoint quarantine isolates compromised devices pending forensic review.

Procedures for monitoring log-in attempts and reporting discrepancies (§ 164.308(a)(5)(ii)(C))

Dedicated reports on user logon/logoff, last logon failed user accounts, currently logged-on users, and currently logged-on computers provide continuous visibility into authentication activity.

Procedures for creating, changing, and safeguarding passwords (§ 164.308(a)(5)(ii)(D))

Administrators can enforce password policies, reset user passwords, and on mobile devices configure passcode complexity, length, expiry, and reuse history through MDM profiles.

Identify and respond to suspected or known security incidents; mitigate harmful effects and document outcomes (§ 164.308(a)(6)(ii))

Real-time threat alerts, endpoint quarantine, and one-click remediation actions support rapid incident response. Patented anti-ransomware creates non-erasable backups every three hours via Microsoft volume shadow copy service, enabling recovery without paying threat actors.

Establish and implement a data backup plan to create and maintain retrievable exact copies of ePHI (§ 164.308(a)(7)(ii)(A))

Endpoint Central supports endpoint recovery through anti-ransomware protection and tamper-protected shadow copies that enable rapid restoration of affected files following ransomware incidents. While these capabilities improve operational resilience and recovery, organizations should maintain dedicated backup and disaster recovery solutions to satisfy broader ePHI backup and retention requirements.

Device and media controls, accountability and media movement: maintain a record of the movements of hardware and electronic media containing ePHI, and the persons responsible (§ 164.310(d)(1))

Centralised hardware inventory management provides a continuously updated record of every managed laptop, desktop, server, and mobile device — including assigned user, location, and movement history. Geo-fencing defines virtual boundaries for mobile devices, alerting administrators when a device leaves an authorised location and supporting the accountability requirement for media that carry ePHI.

Disposal: implement policies and procedures to address the final disposition of ePHI and the hardware or electronic media on which it is stored (§ 164.310(d)(2)(i))

Remote wipe and selective wipe capabilities remove corporate data from devices being retired, reassigned, or reported lost. Mobile device factory reset is also supported.

Access control: implement technical policies and procedures that allow only authorized persons or software programs access to ePHI (§ 164.312(a)(1))

Granular file, folder, and registry permissions, application allowlisting/blocklisting, conditional access policies for mobile devices, and just-in-time access enforce least-privilege access to ePHI.

Automatic logoff: implement electronic procedures that terminate an electronic session after a predetermined time of inactivity (§ 164.312(a)(2)(iii))

Power management configurations enforce screen lock and re-authentication after inactivity. Remote lock, sign-off, and shutdown actions are available on demand.

Encryption and decryption: implement a mechanism to encrypt and decrypt ePHI (§ 164.312(a)(2)(iv))

BitLocker management for Windows and FileVault for macOS deliver native full-disk encryption with central key escrow and recovery. For mobile devices, Endpoint Central enforces encryption through MDM profiles managed from the same unified console, enabling organizations to apply and monitor encryption policies across Windows, macOS, Android, and iOS devices without relying on separate management tools.

Audit controls: implement hardware, software, and procedural mechanisms that record and examine activity in information systems that contain or use ePHI (§ 164.312(b))

Centralised inventory of hardware and software details for mobile devices, desktops, and laptops. Endpoint Central integrates with SIEM platforms for centralised correlation and long-term retention.

Integrity: implement policies and procedures to protect ePHI from improper alteration or destruction (§ 164.312(c)(1))

Patented anti-ransomware monitors unusual file movements and supports the creation of non-erasable, three-hourly backups via volume shadow copy. Application allowlisting prevents unauthorised software from altering ePHI; file-integrity reporting flags unexpected changes.

Person or entity authentication: implement procedures to verify that a person or entity seeking access to ePHI is the one claimed (§ 164.312(d))

Strong password and passcode policies, mobile passcode profiles with history and complexity rules, and two-factor authentication for console access verify identity. Role-based administration scopes what authenticated technicians can see and do.

Transmission security: implement technical security measures to guard against unauthorised access to ePHI transmitted over an electronic communications network (§ 164.312(e)(1))

Agent-to-server communication is hardened with 256-bit AES encryption, and the product can be operated in FIPS 140-2 mode for cryptographic operations. Remote troubleshooting sessions are encrypted end to end.