Keeping Your SharePoint HIPAA Compliant

If your healthcare organization is subject to periodic audit checks, are you sure that the patient electronic protected health information (ePHI) you store on Microsoft SharePoint is secure? Is your SharePoint HIPAA compliant, and can you easily provide definitive evidence for auditors? The right solution can enable you to answer these questions with a confident “Yes!” Moreover, it will streamline your SharePoint HIPAA compliance processes and enable you to efficiently tackle the challenges being thrown at you by constantly growing and increasingly strict regulations.

What do the SharePoint HIPAA compliance requirements mean?

Under HIPAA, a business associate agreement (BAA) is a contract between any HIPAA-covered entities (such as hospitals or doctors) and a HIPAA business associate (BA) (such as accounting or consulting firms). From the moment that health information of an individual is involved, both the HIPPA healthcare organization and the BA are automatically subject to HIPAA, including the HIPAA Security Rule and the HIPAA Privacy Rule. Accordingly, they must take complete responsibility for the security of the patient information.

HIPAA was not effectively enforced until the HITECH Act was enacted in 2009. Among other things, HITECH added the HIPAA Breach Notification Rule, which requires full disclosure of any leaks of protected health information (PHI) directly to both the patients and government authorities.

Because many healthcare organizations and BAs use Microsoft Office SharePoint to keep and share critical data, they must take steps to ensure SharePoint HIPAA compliance. In particular, to successfully pass HIPAA audit checks, they must adhere to the following HIPAA guidelines:

• Enable efficient security management process (§ 164.308 (a)(1)(i)).
• Analyze risks (§ 164.308 (a)(1)(ii)(A)).
• Manage information access (§ 164.308 (a)(4)(i)).
• Establish authorized access and properly modify it (§ 164.308 (a)(4)(ii)(C)).
• Protect your data from malicious software (§ 164.308 (a)(5)(ii)(B)).
• Enable reporting (§ 164.308 (a)(6)(ii)).
• Gain control over data access (§ 164.312(a)(1)).
• Have all activity trail documented, securely stored and available at an auditor’s request (§ 164.316).
• And more.

Easily prove that your SharePoint is HIPAA compliant with Netwrix Auditor

Is your SharePoint HIPAA compliant? Is your compliance reporting process streamlined? Can you provide enough evidence to prove your adherence to the HIPAA requirements? Netwrix Auditor for SharePoint ensures you can answer these questions in the affirmative with no doubts. The solution delivers 360-degree visibility into what’s happening in your SharePoint environment, so you can establish proper audit controls and align your reporting processes to HIPAA requirements with less effort and expense.

• Stay on top of all SharePoint activity with actionable security analytics that provide who, what, when, where details for each content change or user access to SharePoint documents, including ePHI.
• Slash HIPAA audit preparation time by at least 50% with predefined reports, including pre-built compliance reports mapped to HIPAA requirements and the requirements of other most common regulatory standards, including FISMA/NIST, GDPR, PCI DSS, and more.
• Simplify compliance reporting by subscribing yourself or security officers to the specific reports they need or by simply regularly saving the requested reports in a shared folder and providing access to it whenever an auditor appears at your door.
• Easily find answers to specific auditors’ questions by using the Google-like interactive search to drill down into the audit data and quickly get to the root cause of suspicious activity.
• Configure alerts on critical activity to ensure quick response, gain peace of mind and mitigate the risk of compliance failure.
• Consolidate and archive your audit trails for over 10 years in the cost-effective two-tiered (SQL database + file-based) storage, and access them easily during your next audit check.