The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of Protected Health Information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared. Patch Manager Plus has taken steps towards HIPAA compliance to ensure confidentiality and security of health information.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was passed by the US government in 2009. After 13 years of HIPAA's operation, the HITECH Act was birthed as an extension of HIPAA. As HITECH is a superset of HIPAA, becoming HIPAA compliant automatically gives you certain degree of HITECH compliance. The two acts work together to improve healthcare and protect patient information. HITECH encourages the meaningful use of EHRs (Electronic Health Records) while promoting the security and privacy rules required by the HIPAA Act. In order to be HITECH compliant, organizations need to be HIPAA compliant first. This document will guide you on how Patch Manager Plus helps you achieve a level of HIPAA compliance.
| Requirement | Requirement Description | How Patch Manager Plus fulfills it? |
|---|---|---|
| § 164.308(a)(1)(ii)(A) |
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. |
Patch Manager Plus helps in deploying patches across every major operating system (Windows, Mac & Linux) and helps in patching third party applications. The periodic scans initiated in the network gives details of the IT assets in the network and identifies vulnerable systems and applications. Patch Manager Plus also provides exhaustive reports on system vulnerabilities, patches, OS, antivirus, etc. which elaborates the threats present in the network devices. |
| § 164.308(a)(1)(ii)(B) |
Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a). |
Patch Manager Plus' Automate Patch Deployment (APD) feature provides administrators with the ability to deploy patches missing in their network computers automatically, without any manual intervention. Periodic patching of vulnerable devices ensures the security of the ePHI available in the network devices. |
| § 164.308(a)(5)(ii)(A) |
Periodic security updates |
Patch Manager Plus provides Automate Patch Deployment (APD) feature, Antivirus definition updates and driver updates to secure the network. |
Disclaimer : ManageEngine does not claim that the bodies using Patch Manager Plus will be HIPAA compliant. Using Patch Manager Plus will only help customers in achieving certain mandates devised for health care companies and other bodies handling personal critical information of the end users.
ISO
PCI
GDPR
HIPAA
RBI
NIST