HIPAA Compliance Enforcement for Endpoints

Experts agree that the encryption state of endpoint devices will be a focus in 2014 for federal regulators enforcing HIPAA compliance. According to the "Fourth Annual Benchmark Study on Patient Privacy & Data Security" by the Ponemon Institute, the average cost of data breaches to a healthcare organization "is approximately $2 million over a two-year period". While significant, this is even more alarming when you realize that the "most significant breaches in terms of records lost are caused by Lost/Stolen Media", according to "The Financial Impact of Breached Protected Health Information" by ANSI.

How do you know that everyone with access to your data has their hard disk encrypted?

Enforcing HIPAA technology compliance regulations across all employees and contractors can be a challenge for any healthcare organization. When you factor in the increased use of BYOD in organizations it quickly becomes an unmanageable situation. An administrator needs to ensure that those with access to the organization's network maintain their hard disk encryption state as well as have a password set at all times. Additionally, the administrator needs to confirm that those Guest or BYOD devices adhere to the security and compliance policies for the organization at all times. To accomplish this efficiently, tools need to be in place that provide the ongoing analysis of the security and compliance state of endpoints, as well as the ability to prevent access to the network for those devices that fail to meet the defined requirements. These tools are needed to allow you, as an IT administrator, to say confidently that all of the devices under your control adhere to your HIPAA compliance requirements.

OPSWAT's newest platform, Gears, helps technology administrators of healthcare organizations, both large and small, by providing the tools to define and enforce the HIPAA technology compliance controls. Using a solution like Gears that can monitor the encryption state of a device and whether the device is password protected is crucial for these organizations. Through a unique dashboard you are able to quickly gain insight into the state of all the endpoints within an organization, and quickly hone in on those devices that do not have their hard disks encrypted or passwords set. Gears allows administrators to be alerted immediately if a device falls out of compliance or prevent access to a network if a user fails to meet compliance.

Watch the video below to see how to configure Gears to provide this automation for your healthcare organization.