Protecting Electronic Health Information

To encourage the widespread use of electronic data interchange in healthcare, the U.S. Congress passed the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II). HIPAA also requires the Department of Health and Human Services to establish national standards that address the security and privacy of health information. The Health Information Technology for Economic and Clinical Health Act (HITECH) was enacted in 2009 as part of the American Recovery and Reinvestment Act to promote the adoption of health information technology. HIPAA and HITECH were updated in 2013 when the Omnibus Rule was released. The challenge for IT departments lies in identifying the controls required to ensure the security and privacy of this data while proving to auditors that each control has been properly implemented, maintained, and monitored.

What is your security compliance score?

security compliance score

Elemental Cyber Security HIPAA/HITECH policy automation framework enables healthcare insurers and providers, universities, and other organizations that handle patient health information to adhere to HIPAA/HITECH best practices for network access control, host security configuration management, as well as systems and software inventory. Deploying a full range of policies in these categories enables organizations to effectively assess the security posture of the systems that contain or use protected health information (PHI).

How does it work?

The Elemental Security Platform (ESP) automates the arduous and often manual processes involved in making these security compliance assessments. In addition, it gives organizations the option of controlling access to these systems by placing network-based controls on those that process electronic PHI (ePHI) data, with access based on compliance with the organization’s security policies. As a dedicated HIPAA/HITECH policy set incorporated into the ESP, the Elemental solution provides an automation framework for deploying and enforcing policies on computing resources that store and have access to ePHI. Using this approach, organizations can deploy security policies that address key aspects of the HIPAA standards for security.

Within minutes of ESP software installation on target machines, the ESP system will accurately calculate your compliance score for the HIPAA requirements and generate a pass/fail list of specific technical controls. With that information in hand, your team in charge of security compliance will know exactly where your weak points are and how to address them. Through historical compliance monitoring and reporting, they can also demonstrate continuous security posture improvements to management and auditors thus reducing cost and time-to-compliance.

ESP provides policies that directly address the following security controls mandated by HIPAA:


ESP hipaa policy template

Maintain HIPAA/HITECH Compliance

ESP allows organizations to generate concise reports on their security and compliance objectives. Executive level reports enable enterprise security and information officers to readily understand the overall security state of their information technology infrastructure and to expose changes or trends in their compliance with HIPAA/HITECH regulations and controls. Audit trails provide compliance and policy management details tracking, and a clear understanding of security administrator entitlements and actions. Together this reporting framework enables organizations to demonstrate that required security controls are being implemented and maintained.

ESP hipaa compliance info

These views are supported by detailed drill-down reporting that provides an unparalleled level of transparency into the network environment. This enables operational staff to continuously monitor the security posture, inventory, compliance, and activity of machines on the networks. This enables targeted investigation of factors impacting compliance and provides the ability to enact appropriate remediation to correct compliance drift as it occurs. The hierarchical and comprehensive reporting capabilities of ESP demonstrate the necessary alignment between the technical controls required by HIPAA/HITECH and the business objectives of the organization. These reports provide metrics showing possible continued improvement and efficiency of security operations in protecting the interests of the organization.

Proven enterprise-class capabilities:

  • Pre-defined HIPAA-HITECH policy templates ready to be customized and deployed
  • Extensive library containing thousands of “drag-and-drop“ cyber security controls (NIST, HIPAA, PCI, SOX, NSA, CIS, industry best practices, etc.)
  • Immediate availability of compliance scores
  • 24/7 monitoring and enforcement of deployed policies
  • Audit-ready logs of all security policies and system use
  • Automation of security configuration management
  • Deep network visibility at any managed endpoint level
  • Adaptive network segmentation
  • Cross-platform containment in case of compromise

Not just a compelling best-in-class technology:

ESP comes with much more than a complete and integrated suite of security compliance and risk management functions:

  • Fast, scalable on premise or cloud-based deployment
  • Dedicated support and training during system implementation, policy creation, deployment, and reporting
  • Currency with global standards and regulatory mandates
  • Baseline consulting based on the subscription level

How is Elemental different?

Elemental's unique Cyber Security Platform enables continuous compliance by actually implementing and enforcing the technical security controls mandated by HIPAA-HITECH. The solution offers faster time-to-compliance, audit-ready reports, improved network security, ready to deploy security policies and risk assessment — all from one unified easy-to-use web based user interface.


The Bottom Line

Elemental provides a comprehensive framework for deploying and enforcing policies on computing resources that store confidential health data. Only the Elemental solution provides the visibility and automation necessary to continuously monitor and secure these systems in fast-changing enterprise environments, allowing organizations to effectively demonstrate and maintain compliance with HIPAA/HITECH best practices.


"Elemental offers the most comprehensive integrated software platform to achieve, continuously maintain, and control HIPAA/HITECH security compliance!"