HIPAA COMPLIANCE WITH DELL

Upload: drusilla-daniels

Post on 27-Dec-2015

TRANSCRIPT

Page 1: 1 HIPAA COMPLIANCE WITH DELL. 2 SECURITY Administrative Procedures: To ensure security plans, policies, procedures, training, and contractual agreements

HIPAA COMPLIANCE WITH DELL

SECURITY

Administrative Procedures: To ensure security plans, policies, procedures, training, and contractual agreements exist

Physical Safeguards: To provide assigned security responsibility and controls over all media and devices

Technical Security Services: To provide specific authentication, authorization, access, & audit controls to prevent improper access to electronically stored information

Technical Security Mechanisms: To establish communications/network controls to avoid the risk of interception and/or alteration during electronic transmission of information

SPECIFICS

Administrative Procedures to Guard Data Confidentiality, Integrity and Availability

Requirement: Periodic inventory of hardware/software assets
Dell/Partner: IT Assets Report

Requirement: Periodic security testing, including hands-on functional testing and verification
Dell/Partner: Dell Vulnerability Scanning/Assessment; Intrusion monitoring; Patch Assessment

Requirement: Business Partner Agreements
Dell/Partner: Appropriate contractual language to preserve “chain of trust”

Requirement: Contingency plan requiring formal assessment of the sensitivity, vulnerabilities, and security of covered entities
Dell/Partner: Dell Vulnerability Scanning/Assessment; Intrusion Monitoring; Patch Assessment

Requirement: Proactive vulnerability assessments
Dell/Partner: Network Vulnerability Assessment; Windows Intrusion monitoring; Vulnerability scanning; Patch Assessment

SPECIFICS

Technical Security Services

Requirement: Ongoing monitoring of information system to determine if system has been compromised, misused or accessed by unauthorized individuals
Dell/Partner: Overall IT monitoring; Off-site Monitoring and Management; Intrusion Monitoring/Alerting; Patch Assessment

Technical Security Mechanisms

Requirement: Event reporting mechanisms
Dell/Partner: Automated security alerts, notification, and escalation capabilities

Alarm System

Audit Trails

Real-time intrusion alerts; monthly intrusion summaries: login/logout activity by user/device; failed login details report; account modification activity by user/account report

ADMINISTRATIVE PROCEDURES

Solution: Documents need for periodic inventory of IT assets

Requirement: Maps to configuration management requirement

ADMINISTRATIVE PROCEDURES

Requirement: “Periodic security testing”

Solution: Internal security assessment; vulnerability testing and verification

TECHNICAL SECURITY MECHANISMS

Monthly Summaries

Requirement: audit trails

Demonstrates who touched what and when

Solution: Captures unauthorized activity and users

TECHNICAL SECURITY SERVICES

Solution: Reduce costs of keeping up with Microsoft patches by automating identification and mitigation processes

Requirement: Determine areas of network that are vulnerable because of missing patches

TECHNICAL SECURITY SERVICES & MECHANISMS

Solution: Document that critical pieces of security infrastructure are protected 24x7

Requirement: Assure firewall is operating efficiently

TECHNICAL SECURITY MECHANISMS

ENSURE AUTOMATED EVENT REPORTING, NOTIFICATION AND ESCALATION

DELL BENEFITS

Reduce overall costs of complying with HIPAA
– Automates preparation of audit and asset requirements

Achieve compliance in the shortest time possible
– Predefined monthly summary reports allow for immediate deployment by network administrators and privacy officers

Minimize the impact of compliance on day-to-day operations
– Provides one central view of IT resources and security requirements
– Enables preparation of a “full graphic response” to security requirements, not just legal forms
– Printable reports, easily exported to Excel, other formats