The Health Insurance Portability and Accountability Act (HIPAA) addresses the security of private patient healthcare data. Failure to abide by HIPAA regulations can lead to higher business costs, civil monetary penalties, and negative media exposure.
Today's identity access management frameworks – including Microsoft Active Directory, Oracle Identity Manager, and others – don't detect or secure the privileged, "super-user" accounts that hold elevated permission to access electronic patient records, run programs, and change configuration settings on servers, workstations, applications and network appliances.
Lieberman Software helps healthcare providers comply with regulatory mandates by safeguarding privileged accounts, and providing the auditing and control necessary to address key HIPAA requirements:
| 45§164.308(1)(D) |
| Implement audit logs, access reports, and security incident tracking reports. |
| 45§164.308(3)(i) |
| Prevent unauthorized members from obtaining access. |
| 45§164.308(3)(B) |
| Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate. |
| 45§164.308(3)(C) |
| Implement procedures for terminating access to electronic protected health information when the employment of a workforce member ends. |
| 45§164.308(5)(C) |
| Implement procedures for monitoring log-in attempts and reporting discrepancies. |
| 45§164.308(5)(D) |
| Implement procedures for creating, changing, and safeguarding passwords. |
| 45§164.312(a)(1) |
| Allow access only to those persons or software programs that have been granted access rights. |
| 45§164.312(2)(i) |
| Assign a unique name and/or number for identifying and tracking user identity. |
| 45§164.312(2)(b) |
| Implement mechanisms that record and examine activity in information systems that contain or use electronic protected health information. |
Enterprise Random Password Manager (ERPM) hardens and auto-propagates secured privileged login credentials wherever they may reside and provides a reliable audit trail to document the requestors, systems and accounts, timeframes, and purpose of each access request.
ERPM also provides IT personnel the automation necessary to ensure that the organization's security policies are efficiently put into practice.
