Skip to main content

Health Insurance Portability and Accountability Act (HIPAA) compliance solution

Our five-step process helps you achieve compliance by examining your complete security management lifecycle.

Service detail

Protecting the confidentiality, integrity and availability of patient information is no longer just a best practice for healthcare organizations, it's a legal requirement.

Highlights

  • Identifies gaps in your organization's security program
  • Provides detailed recommendations for ongoing conformity and compliance
  • Experts help you implement security best practices
  • Security expertise from IBM Security Services' elite team of experienced security professionals

The Health Insurance Portability and Accountability Act (HIPAA) mandates that all healthcare organizations effectively meet Administrative, Technical and Physical safeguards to protect the privacy of patient information, and maintain data integrity for employees, customers and shareholders.

IBM Security Services has demonstrated proven success helping organizations achieve HIPAA compliance, with our consulting services, protection technology, comprehensive managed protection services and up-to-the-minute security intelligence on the latest threats.

Our approach to HIPAA compliance

To help your organization achieve compliance, we employ a five-step process that covers the complete security management lifecycle, including phases for Assessment, Design, Deployment, Management and Education (ADDME). This ADDME process helps identify and analyze gaps between current state and HIPAA requirements, and then designs and helps implement solutions to close those gaps and ensure ongoing conformity.

Once again, the first step to understand your existing compliance posture is to engage IBM Security Services to conduct an assessment, which we call a Security Health Check. The purpose of this assessment is to accurately identify your current compliance posture to your desired compliance posture. Depending on the gaps uncovered, IBM security consultants will provide a variety of recommendations to meet or exceed the deficient controls. If you are already aware of some of your gaps, the following table provides an insight into some of the products and services that IBM might recommend to aid you in achieving your desired level of compliance.

HIPAA Safeguard Categories HIPAA Requirements IBM Security Solutions
Administrative
  • Implement policies and procedures to address information security, including risks
  • Ensure that all members of the workforce have appropriate access to ePHI
  • Restrict unnecessary or inappropriate access to ePHI by business need-to-know and minimum necessary
  • Deploy security awareness and training program for all workforce members
  • Address, respond to and report security incidents
  • Respond to emergency or other occurrence that could damages systems with ePHI
  • Perform periodic technical and non-technical evaluations
Physical
  • Access Control
  • Identity Management
  • Physical Security
Technical
  • Access Control
  • Privileged User Monitoring
  • Encryption
  • Log and Event Management
  • Penetration Testing
  • Intrusion Detection/Prevention
  • Firewall
  • Configuration Management