
HIPAA Compliance
Under Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), all U.S. organizations that handle patient information (providers, hospitals, medical centers, diagnostic centers, employers, and insurers) must protect the confidentiality and security of patient records.
This requirement presents an enormous challenge for IT departments, which must secure all patients' electronic protected health information (EPHI) regardless of data location, and must prevent inappropriate access with proactive and reactive controls. Continual checks throughout the year are required to ensure that controls are in place and are effective throughout the organization, in addition to an annual review of all internal controls with extensive reporting to auditors.
| Control | Safeguard | HIPAA Requirement | Blackbird Solution |
| --- | --- | --- | --- |
| Security Management | Risk Analysis | 164.308(a)(1)(ii)(A) | IT, data owners, and audit teams can view privileges across the enterprise, see who has access to EPHI and how and when they got that access, and instantly determine whether policy objectives are being met. |
| | Risk Management | 164.308(a)(1)(ii)(B) | Monitor critical changes to Active Directory and Group Policy that could impact the security posture of desktops and servers. |
| | Information System Activity Review | 164.308(a)(1)(ii)(D) | For Active Directory, Group Policy, and the Windows File System, Blackbird's built-in security and compliance reporting library provides fast, easy, and accurate answers to four questions: WHO made changes? WHAT changes were made? WHERE were changes made? WHEN were changes made? |
| Workforce Security | Authorization and/or Supervision | 164.308(a)(3)(ii)(A) | Create customizable workflows for security teams, so they can automate the creation, review, and approval of entitlements and roles, putting true accountability in the hands of the data owners and ensuring that EPHI security is maintained. |
| Information Access Management | Access Establishment and Notification | 164.308(a)(4)(ii)(C) | Document your provisioning processes and create audit trails for all Active Directory and Windows file systems that secure and provide access to financial information. Blackbird automates agency-wide reporting on user entitlements and access. All changes are stored in a centralized auditing database, and automated reports can be sent to administrators, security officers, and business data owners on a set schedule. |
| | Log on Monitoring | 164.308(a)(5)(ii)(C) | Blackbird provides instant insight into important security events, including: Reports on Successful User Logons; Reports on Successful User Logoffs; Reports on Logon Attempts. |
| | Password Management | 164.308(a)(5)(ii)(D) | Create provisioning processes for users. Administrators and risk managers can track changes to Group Policy that affect password, Kerberos, and audit policies. |
| Contingency Planning | Disaster Recovery Plan | 164.308(a)(7)(ii)(B) | Audit, alert on, and instantly recover from changes to Active Directory, Group Policy, and file permissions that can affect the security of desktops and servers hosting sensitive data and/or applications. |
| Audit Controls | Record and review administrator and user activity | 164.312(b) | Centrally track Active Directory and File System activity using an interactive data governance console. |