Hospital Ensures Accountability of Privileged Users and Saves up to $40,000 Annually on HIPAA Audits
Continuous monitoring of user activity with Netwrix Auditor enables Henry County Hospital to streamline compliance efforts
Irvine, CA, March 21, 2017
Netwrix Corporation, provider of a visibility platform for data security and risk mitigation that enables healthcare organizations to proactively detect and remediate internal and external cyber threats, announced today that Henry County Hospital enhanced control of privileged user activity and streamlined its HIPAA compliance by leveraging the user activity monitoring provided by Netwrix Auditor.
Henry County Hospital in Napoleon, Ohio, US, is a charitable, not-for-profit community hospital that offers a wide range of primary, acute and rehabilitative services to the residents of Henry County and surrounding areas. Because it collects and uses protected health information (PHI), Henry County Hospital has to undergo a HIPAA compliance risk assessment every year. To comply with HIPAA’s rigorous requirements and avoid heavy fines for non-compliance, the hospital needed visibility into the activity of privileged users.
The IT team looked for a solution that could monitor user activity across Active Directory, Group Policy and Windows file servers. They opted for Netwrix Auditor because it supports all required systems and enables video recording of user activity as an additional security layer. Using the product, the team achieved the following results:
- Increased accountability of privileged users. Daily reports and alerts on changes, especially to the Domain Admins group, along with the video recording capability, enable the hospital’s IT team to keep tabs on privileged users’ activity and ensure there are no internal threats putting data at risk, as required by HIPAA.
- Complete control over file access permissions. Netwrix Auditor enabled the IT team to detect excessive user permissions and rebuild the file server permissions structure from the ground up. This ensures that sensitive data is accessed only on a need-to-know basis, reducing the risk of accidental or deliberate misuse.
- Time and cost savings on audit preparation. Automated monitoring and out-of-the-box HIPAA compliance reports simplify internal processes for preparing for audits, and enable the hospital to readily prove compliance and address auditors’ questions in a timely manner. In fact, the solution eliminated the need to assign a full-time employee to manually monitor user activity, saving the hospital at least $40,000 per year.
"There are so many external and internal threats that you have to be proactive or you are just setting yourself up to be compromised. Netwrix Auditor helped us to monitor everything from privileged user activity across file shares to Active Directory and Group Policy changes that are so hard to track. Basically, the product does everything for you without a lot of manual work and cuts off almost 100% of your time from an auditing perspective," said Geoffrey Robinson, Server/Storage Administrator at Henry County Hospital.
"To avoid large non-compliance fines and reputational damage, healthcare providers should regularly demonstrate to auditors that patient data is secure," said Michael Fimin, CEO and co-founder of Netwrix. "Complete visibility into what is going on in the IT infrastructure simplifies managing security risks and helps IT teams demonstrate the efficacy of existing security controls, which results in faster, less painful checks and improved grades with regulators."
Netwrix Auditor is a visibility platform for data security and risk mitigation that enables healthcare organizations to gain control over what’s going on in the most critical areas of their IT infrastructures, ensure data integrity and reduce compliance audit preparation time.
To read the complete case study, please visit: www.netwrix.com/go/henry_county_hospital
About Netwrix Corporation
Netwrix Corporation was the first vendor to introduce a visibility and governance platform for hybrid cloud security. More than 160,000 IT departments worldwide rely on Netwrix to detect insider threats on premises and in the cloud, pass compliance audits with less effort and expense, and increase productivity of IT security and operations teams. Founded in 2006, Netwrix has earned more than 100 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S. For more information, visit www.netwrix.com
Avista PR for Netwrix
Your questions and feedback are always welcome. Please dial our toll-free number, 888-638-9749, or enter your question details here and we will reply as soon as possible.