HIPAA COMPLIANCE WITH DELL
SECURITY
Administrative Procedures: To ensure security plans, policies, procedures, training, and contractual agreements exist
Physical Safeguards: To provide assigned security responsibility and controls over all media and devices
Technical Security Services: To provide specific authentication, authorization, access, & audit controls to prevent improper access to electronically stored information
Technical Security Mechanisms: To establish communications/network controls to avoid the risk of interception and/or alteration during electronic transmission of information
SPECIFICS (Requirement / Dell-Partner offering)
Administrative Procedures to Guard Data Confidentiality, Integrity and Availability
Requirement: Periodic inventory of hardware/software assets
Dell/Partner: IT Assets Report
Requirement: Periodic security testing, including hands-on functional testing and verification
Dell/Partner: Dell Vulnerability Scanning/Assessment; Intrusion Monitoring; Patch Assessment
Requirement: Business Partner Agreements
Dell/Partner: Appropriate contractual language to preserve "chain of trust"
Requirement: Contingency plan requiring formal assessment of the sensitivity, vulnerabilities, and security of covered entities
Dell/Partner: Dell Vulnerability Scanning/Assessment; Intrusion Monitoring; Patch Assessment
Requirement: Proactive vulnerability assessments
Dell/Partner: Network Vulnerability Assessment; Windows Intrusion Monitoring; Vulnerability Scanning; Patch Assessment

SPECIFICS (Requirement / Dell-Partner offering)
Technical Security Services
Requirement: Ongoing monitoring of the information system to determine if the system has been compromised, misused, or accessed by unauthorized individuals
Dell/Partner: Overall IT Monitoring; Off-site Monitoring and Management; Intrusion Monitoring/Alerting; Patch Assessment
Technical Security Mechanisms
Requirement: Event reporting mechanisms
Dell/Partner: Automated security alerts, notification, and escalation capabilities
Requirement: Alarm System / Audit Trails
Dell/Partner: Real-time intrusion alerts; monthly intrusion summaries: login/logout activity by user/device; failed login details report; account modification activity by user/account report
ADMINISTRATIVE PROCEDURES
Requirement: Maps to the configuration management requirement
Solution: Documents the need for a periodic inventory of IT assets
ADMINISTRATIVE PROCEDURES
Requirement: "Periodic security testing"
Solution: Internal security assessment; vulnerability testing and verification
TECHNICAL SECURITY MECHANISMS
Requirement: Audit trails, demonstrating who touched what and when
Solution: Monthly summaries that capture unauthorized activity and users
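The audit-trail summaries listed under Technical Security Mechanisms above (login/logout activity by user/device, a failed-login details report, and account modification activity by actor/target) and this slide's monthly summary are what a reviewer would use to answer "who touched what and when". The block below is an added example of building such a monthly summary from authentication events; it is not Dell's product or its report format. The syslog-style line layout, the event names (LOGIN_OK, LOGOUT, LOGIN_FAIL, ACCOUNT_*), the fail_threshold parameter and every sample log line are constructed assumptions for illustration.

```python
"""Monthly audit-trail summary built from constructed sample log lines.

Added example, not Dell's product or report format. The line layout,
event names, threshold and sample values are assumptions for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Assumed format: "<ISO timestamp> <host> <event> user=<name> [src=<ip>] [target=<name>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<event>\S+)\s+user=(?P<user>\S+)"
    r"(?:\s+src=(?P<src>\S+))?(?:\s+target=(?P<target>\S+))?$"
)

# Constructed sample input: one month of activity on two hosts plus one malformed line.
SAMPLE_LOG = """\
2024-03-01T08:02:11 srv-db01 LOGIN_OK user=alice src=10.0.0.5
2024-03-01T17:45:02 srv-db01 LOGOUT user=alice src=10.0.0.5
2024-03-02T02:13:40 srv-web01 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-02T02:13:52 srv-web01 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-02T02:14:05 srv-web01 LOGIN_FAIL user=root src=198.51.100.9
2024-03-03T09:10:00 srv-db01 LOGIN_OK user=bob src=10.0.0.7
2024-03-03T09:12:30 srv-db01 ACCOUNT_MODIFY user=bob target=carol
2024-03-03T09:13:00 srv-db01 ACCOUNT_CREATE user=bob target=dave
2024-03-03T12:00:00 srv-db01 LOGOUT user=bob src=10.0.0.7
2024-03-04T10:00:00 srv-web01 LOGIN_OK user=alice src=10.0.0.5
2024-03-04T10:05:00 this line is malformed and must be counted, not silently dropped
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    event: str
    user: str
    src: Optional[str]
    target: Optional[str]


def parse_log(text):
    """Parse log text into Event records; return (events, malformed_line_count).

    Lines that do not match the assumed layout are counted rather than ignored,
    because an audit trail with unexplained gaps is itself a finding.
    """
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            malformed += 1
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            malformed += 1
            continue
        events.append(Event(ts, m["host"], m["event"], m["user"], m["src"], m["target"]))
    return events, malformed


def monthly_summary(events, year, month, fail_threshold=3):
    """Build the three report sections for one calendar month.

    fail_threshold (assumed value) flags source addresses with repeated
    failed logins so the failed-login report leads with the noisiest sources.
    """
    in_month = [e for e in events if e.ts.year == year and e.ts.month == month]
    session_activity = Counter()  # (user, host) -> number of LOGIN_OK/LOGOUT events
    failed = []                   # (timestamp, user, host, source)
    account_changes = []          # (timestamp, actor, action, target, host)
    for e in in_month:
        if e.event in ("LOGIN_OK", "LOGOUT"):
            session_activity[(e.user, e.host)] += 1
        elif e.event == "LOGIN_FAIL":
            failed.append((e.ts.isoformat(), e.user, e.host, e.src))
        elif e.event.startswith("ACCOUNT_"):
            account_changes.append((e.ts.isoformat(), e.user, e.event, e.target, e.host))
    failures_by_src = Counter(f[3] for f in failed)
    repeated = sorted(src for src, n in failures_by_src.items() if n >= fail_threshold)
    return {
        "login_logout_by_user_device": dict(session_activity),
        "failed_logins": failed,
        "repeated_failure_sources": repeated,
        "account_modifications": account_changes,
    }


def render(summary, malformed):
    """Plain-text rendering in the order the deck lists the report sections."""
    lines = ["Login/logout activity by user/device:"]
    for (user, host), n in sorted(summary["login_logout_by_user_device"].items()):
        lines.append(f"  {user}@{host}: {n} events")
    lines.append("Failed login details:")
    lines += [f"  {ts} {user}@{host} from {src}" for ts, user, host, src in summary["failed_logins"]]
    lines.append(f"  sources at/over threshold: {', '.join(summary['repeated_failure_sources']) or 'none'}")
    lines.append("Account modification activity by user/account:")
    lines += [f"  {ts} {actor} {action} {target} on {host}" for ts, actor, action, target, host in summary["account_modifications"]]
    lines.append(f"Unparseable lines: {malformed}")
    return "\n".join(lines)


if __name__ == "__main__":
    evts, bad = parse_log(SAMPLE_LOG)
    print(render(monthly_summary(evts, 2024, 3), bad))
```

The malformed-line counter is the part worth keeping when adapting this to real logs: a monthly summary that quietly skips lines it cannot parse cannot demonstrate completeness of the audit trail, which is the point of the requirement.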
TECHNICAL SECURITY SERVICES
Requirement: Determine the areas of the network that are vulnerable because of missing patches
Solution: Reduce the cost of keeping up with Microsoft patches by automating the identification and mitigation processes
TECHNICAL SECURITY SERVICES & MECHANISMS
Requirement: Assure the firewall is operating efficiently
Solution: Document that critical pieces of the security infrastructure are protected 24x7
TECHNICAL SECURITY MECHANISMS
ENSURE AUTOMATED EVENT REPORTING, NOTIFICATION AND ESCALATION
DELL BENEFITS
Reduce overall costs of complying with HIPAA: automates preparation of audit and asset requirements
Achieve compliance in the shortest time possible: predefined monthly summary reports allow immediate deployment by network administrators and privacy officers
Minimize the impact of compliance on day-to-day operations: provides one central view of IT resources and security requirements
Enables preparation of a "full graphic response" to security requirements, not just legal forms
Printable reports, easily exported to Excel and other formats