What is HIPAA Compliance?

The Health Insurance Portability and Accountability Act, also known as HIPAA, is a compliance standard that was implemented in 1996, after the healthcare industry moved to computerized handling of patient information. Although computerization has made managing patient data more efficient, it brings security concerns with it. HIPAA defines industry standards for securing all kinds of sensitive electronic protected health information (ePHI).

Who should comply with the HIPAA Standards?

If your organization fits one of the profiles below, then it must comply with HIPAA standards:

  • Healthcare providers
  • Health plan providers
  • Healthcare clearinghouses (intermediaries that forward claims information from the healthcare providers to the insurance payers)
  • Business associates of the organizations mentioned above

Types and consequences of HIPAA violations

HIPAA non-compliance can result in an organization facing both civil and criminal charges. HIPAA violations are classified into the following four categories:

  1. A violation that the individual or organization was unaware of, but could have been avoided if reasonable care had been taken to abide by HIPAA rules.
  2. A violation that has a reasonable cause and could not have been avoided, even if proper care had been taken.
  3. A violation that occurred due to willful neglect but has been rectified within the stipulated period.
  4. A violation due to willful neglect, in which no remedial measures have been taken.

All of the violations above can attract fines ranging from $50,000 to $1.5 million.

HIPAA compliance requirements:

HIPAA compliance requirements come with a set of technical safeguards that are categorized as "required" or "addressable." Whether and how you comply with the addressable safeguards depends largely on your network infrastructure. The required safeguards are mandatory and are split into two sections: access and security.

Access: This calls for the creation of unique login credentials for every individual user. It also requires saving activity logs to keep track of user logins.

Security: This requires organizations to encrypt all passwords and data. It also mandates automatically logging users off after a certain period of inactivity.

How does Network Configuration Manager help in staying HIPAA-compliant?

The following features of Network Configuration Manager help you implement the set of required safeguards to secure sensitive ePHI.

1. Role-based access control:

Prevent unauthorized users from accessing your network by giving every user a unique user ID and password in Network Configuration Manager. In Network Configuration Manager, each user's scope of access also depends on their assigned role. Users in roles such as network operator can't directly make changes or upload configurations to devices. The change workflow's approval mechanism ensures that your organization's admin approves every change request.

2. User activity log:

Network Configuration Manager allows you to keep track of user activity. It offers a detailed look into the who, what, and when of changes made to your network. The user activity log also informs you if a change was authorized or unauthorized, and who approved it.

3. Console timeout:

Configure a session timeout on the console port so that users are automatically logged out of the system after a specified period of idle time. You can set the timeout period by executing configlets in Network Configuration Manager.

4. Enable secret password:

Resources on devices from vendors like Cisco are protected with plain-text passwords. This can leave your devices vulnerable to attack, so the passwords have to be encrypted. You can encrypt the passwords by executing configlets in Network Configuration Manager.

How to fix HIPAA violations with Network Configuration Manager:

With Network Configuration Manager, you can remediate rule violations with configlets: executable configuration templates that help you automate configuration tasks. When you run a compliance check on the associated devices, the compliance report lists every device that is in violation. These violations can be fixed directly from the report by executing the relevant rule's remediation configlet. This eliminates any chance of a data breach and lowers the likelihood of non-compliance with HIPAA.
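To make the compliance-check-then-remediate workflow concrete for the console timeout (point 3) and enable secret (point 4) safeguards, here is an added example that is not Network Configuration Manager's own code: it scans a constructed Cisco IOS running-config for a plain-text `enable password` and a disabled console `exec-timeout`, and pairs each violation with the remediation commands a configlet would push. The configlet contents, the `<STRONG-SECRET>` placeholder and the sample config are assumptions for illustration.

```python
import re
# Constructed sample Cisco IOS running-config (not from a real device). It breaks both
# safeguards: a plain-text enable password and a console idle timeout that is disabled.
SAMPLE_CONFIG = """\
hostname clinic-core-sw
enable password Cl1nic123
line con 0
 exec-timeout 0 0
 login local
line vty 0 4
 exec-timeout 10 0
end
"""

# Remediation commands per violation (IOS syntax; hypothetical configlet content).
REMEDIATION = {
    "plaintext-enable-password": ["enable secret <STRONG-SECRET>", "no enable password",
                                  "service password-encryption"],
    "console-no-timeout": ["line con 0", " exec-timeout 10 0"],
}

def line_blocks(config):
    """Map each 'line ...' stanza to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks

def timeout_disabled(cmd):
    """True for 'exec-timeout 0' or 'exec-timeout 0 0' (minutes and seconds both zero)."""
    fields = cmd.split()[1:]
    return bool(fields) and fields[0] == "0" and (len(fields) == 1 or fields[1] == "0")

def check_config(config):
    """Return [(violation, remediation_commands)] for the two safeguards described above."""
    violations = []
    has_secret = re.search(r"^enable secret ", config, re.M)
    if re.search(r"^enable password ", config, re.M) and not has_secret:
        violations.append("plaintext-enable-password")
    console = line_blocks(config).get("line con 0", [])
    # No exec-timeout line at all means the IOS default (10 minutes), which is acceptable.
    if any(timeout_disabled(c) for c in console if c.startswith("exec-timeout ")):
        violations.append("console-no-timeout")
    return [(v, REMEDIATION[v]) for v in violations]
```

Running `check_config` on the sample reports both violations; after the remediation commands are applied (a hashed `enable secret` and `exec-timeout 10 0` on the console line) it returns an empty list.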

Want to make your network compliant with other industry standards? Check out how to achieve PCI compliance and SOX compliance with Network Configuration Manager.