The Health Insurance Portability and Accountability Act, also known as HIPAA, is a compliance standard that was implemented in 1996 after the healthcare industry adopted computerization of all information. Although computerization has made managing patient data more efficient, it comes with some security concerns. HIPAA defines certain industry standards to secure all kinds of sensitive electronic protected health information (ePHI).
If your organization fits one of the profiles below, then it must comply with HIPAA standards:
HIPAA non-compliance can end in an organization facing both civil and criminal charges. HIPAA violations are classified into the following four categories:
All of the violations above can attract fines ranging from $50,000 to $1.5 million.
HIPAA compliance requirements come with a set of technical safeguards that are categorized as “required” or “addressable.” Complying with the addressable safeguards is mostly dependent on your network infrastructure. The required safeguards are mandatory and are split into two sections: access and security.
Access: This calls for the creation of unique login credentials for every individual user. It also requires saving activity logs to keep track of user logins.
Security: This requires organizations to encrypt all passwords and data. It also mandates automatically logging users off after a certain period of inactivity.
The following features of Network Configuration Manager help you implement the set of required safeguards to secure sensitive ePHI.
Prevent unauthorized users from accessing your network by implementing a unique user ID and password for every user with Network Configuration Manager. In Network Configuration Manager, the scope of access of every user in the network also depends on their assigned role. Roles like network operators can't directly make changes or upload configurations to devices. The change workflow’s approval mechanism ensures your organization’s admin approves all change requests.
Network Configuration Manager allows you to keep track of user activity. It offers a detailed look into the who, what, and when of changes made to your network. The user activity log also informs you if a change was authorized or unauthorized, and who approved it.
Configure a session timeout on the console port after a specified period of idle time to automatically log users out of the system. You can specify the timeout period by executing configlets in Network Configuration Manager.
Resources on devices from vendors like Cisco are protected with plain text passwords. This can make your device vulnerable to attacks, so the passwords must be encrypted. You can encrypt the passwords by executing configlets in Network Configuration Manager.
With Network Configuration Manager, you can remediate rule violations with configlets, executable configuration templates that help you automate configuration tasks. When you run a compliance check on the associated devices, the compliance report displays a list of all devices that are in violation. These violations can be fixed directly from the reports by executing the relevant rule’s remediation configlet. This eliminates any chance of a data breach and lowers the likelihood of non-compliance with HIPAA.
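The session timeout and password encryption rules described above can be expressed as a small compliance check over a device configuration. The following is an added example, not code from Network Configuration Manager: the audit function, the 10-minute idle threshold and the Cisco IOS-style sample configuration are all assumptions constructed for illustration.

```python
import re

# Constructed sample of a Cisco IOS-style running configuration (not a real device).
SAMPLE_CONFIG = """\
hostname clinic-sw1
no service password-encryption
enable password Winter2024
username netops password 7 0822455D0A16
line con 0
 exec-timeout 0 0
 password consolepass
line vty 0 4
 password 7 110A1016141D
"""

MAX_IDLE_MINUTES = 10  # assumed policy value; HIPAA does not prescribe a number

# "password <text>" or "password 0 <text>" is cleartext; any other type digit
# marks a value that is already encoded or hashed.
PASSWORD_RE = re.compile(r"\bpassword\s+(?:(\d)\s+)?\S+")
TIMEOUT_RE = re.compile(r"exec-timeout\s+(\d+)(?:\s+(\d+))?")


def audit(config):
    """Return findings for the timeout and password rules, never echoing secrets."""
    lines = config.splitlines()
    findings = []
    if not any(l.strip() == "service password-encryption" for l in lines):
        findings.append("service password-encryption is not enabled")
    section = ""
    for n, line in enumerate(lines, start=1):
        if not line.startswith(" "):
            section = line.strip()  # a top-level command opens a new section
        pw = PASSWORD_RE.search(line)
        if pw and pw.group(1) in (None, "0"):
            findings.append(f"line {n}: plaintext password")
        to = TIMEOUT_RE.search(line)
        if to and section.startswith("line con"):
            seconds = int(to.group(1)) * 60 + int(to.group(2) or 0)
            if seconds == 0:  # "exec-timeout 0 0" turns the idle logout off
                findings.append(f"line {n}: console idle timeout disabled")
            elif seconds > MAX_IDLE_MINUTES * 60:
                findings.append(f"line {n}: console idle timeout above {MAX_IDLE_MINUTES} min")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Each finding names the configuration line to remediate without printing the password itself, so the report can be shared without exposing credentials.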