About HIPAA Compliance

HIPAA establishes U.S. national standards for protecting the confidentiality, integrity and availability of individually identifiable electronic health information. Healthcare providers and other covered entities are subject to HIPAA compliance requirements if they transmit or maintain such information. The consequences of non-compliance are severe and can include large fines, damage to the organization's reputation, and the need to adopt corrective action plans, which all result in lost revenue.

HITECH Act Expands the Power of HIPAA

Signed into law in 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act expands the scope and enforcement power of the HIPAA regulations. In particular, the law establishes extended liability under the HIPAA rules to business associates of covered entities and establishes that non-compliance can now result in criminal charges punishable by jail time.

Maintain a HIPAA compliant IT Environment and Pass Audits with Netwrix Auditor

To achieve and maintain HIPAA IT compliance, organizations need to continuously take administrative, physical and technical measures that establish adequate internal controls in the IT domain. Netwrix Auditor assists with validation of many technical and some administrative policies to help ensure continuous compliance with HIPAA guidelines, and also helps you pass HIPAA audits.

Enable continuous IT auditing to control access to protected health information

Get a complete picture of the current or past state of effective permissions, monitor permission changes, and track who has attempted to access sensitive resources across your IT systems.

Put to use out-of-the-box compliance reports

Preconfigured HIPAA compliance audit reports deliver the information auditors require, including details on all infrastructure changes, user access attempts and system configuration states, so you can prove your HIPAA compliance.

Deliver exactly what your HIPAA auditors want with Interactive Search

When auditors’ questions go beyond the predefined reports, use Interactive Search and advanced filtering to quickly create custom reports that provide the answers.

Avail yourself of a complete audit trail

Having your current and historic audit data securely preserved enables you to identify security and privacy vulnerabilities and address them before they result in a failed audit or a breach of protected health information.

See which HIPAA requirements Netwrix Auditor can help tackle

Netwrix Auditor provides organizations with complete visibility into IT infrastructure changes and data access and delivers compliance auditing, compliance reporting and compliance orchestration. Specifically, it helps you establish proper audit controls and reporting in line with specific requirements of HIPAA compliance regulation defined in the administrative simplification provisions of HIPAA:

Part 164. Security and Privacy

Subpart C. Security Standards for the Protection of Electronic Protected Health Information

Subparagraphs and sections of § 164.308, Administrative safeguards (HIPAA security rule)

Netwrix Auditor capabilities:

  • Enables auditing of IT changes, access attempts, and historic and current system configuration states across multiple IT systems.
  • Facilitates change management, reviewing and monitoring via a change review history reporting mechanism (this mechanism should supplement internal control policies and procedures).
  • Delivers auditing of disabled accounts. Provides automated de-provisioning of inactive user accounts and automated disabling and removal of such accounts.
  • Provides auditing of files and folders and their permissions across the entire IT infrastructure to enable early detection of unauthorized changes to security access settings (granting of new permissions, changes of user access rights, etc.) and ensure the adequacy of technical controls.
  • Enables auditing of all password changes. Provides self-service password management for end users with customizable password security settings and secure access based on user identity verification.
  • Provides a mechanism for quick rollback of unauthorized and accidental changes to Active Directory objects, including restores of deleted objects without the need to reboot a domain controller.
  • Ensures consolidation and archiving of audit trails. Keeps audit data secure for as long as needed, while enabling continued quick access to it.

Subparagraphs and sections of § 164.312, Technical safeguards (HIPAA security rule)

Netwrix Auditor capabilities:

  • Detects and reports on all changes in IT systems where electronic protected health information (ePHI) can be created, held at rest or transmitted.
  • Delivers information in predefined and custom reports that cover all major types of activities across the entire IT infrastructure.
  • Provides the who, what, when and where details for each change or access event, along with the before and after values.
  • Detects and reports on user access attempts to safeguarded resources holding ePHI.
  • Tracks and reports on user account logons and logoffs.

Subparagraphs and sections of § 164.316, Policies and procedures and documentation requirements (HIPAA security rule)

Netwrix Auditor capabilities:

  • Enables comparison of the current state of an IT system to its historic configurations or the baseline configuration.
  • Delivers consolidation and archiving of audit trails, and keeps audit data secure for as long as needed, while enabling quick access to it.
  • Includes scheduled reports, real-time alerts and interactive search that help you stay current on all security incidents and help with early detection of HIPAA compliance violations.

Subpart E. Privacy of Individually Identifiable Health Information

Subparagraphs and sections of § 164.528, Accounting of disclosures of protected health information (HIPAA privacy rule)

Netwrix Auditor capabilities:

  • Holds records of all activities for 10 years or longer in a reliable two-tiered storage system, enabling you to reconstruct all activities and access attempts related to ePHI upon request.
Please note that HIPAA compliance efforts vary in different organizations depending on the configuration of their IT systems, their internal procedures, the nature of the business and other factors. Thus, Netwrix Auditor may facilitate achieving continuous compliance with other privacy, security and breach notification provisions of HIPAA not listed in the chart above.
Find more details about how specific HIPAA controls can be addressed using Netwrix Auditor reports in the Netwrix Auditor mapping guide.
Download Netwrix Auditor Report Mapping (.pdf)

Organizations of all sizes and from various industries rely on us to streamline their HIPAA compliance efforts

"Netwrix Auditor helps us with reporting on attributes that have changed, and allows us to quickly respond to the events that have the potential of taking us out of compliance."

Ofer Amrami,

Director, Infrastructure and Operations,

American Career College