Health Insurance Portability and Accountability Act (HIPAA)
How Check Point helps you comply with HIPAA
As shown in the following table, Check Point solutions support compliance with many HIPAA administrative and technical safeguards. Check Point provides a broad set of security solutions that form a strong foundation for complying with any information security-related regulation.
| HIPAA Standard | Check Point Compliance Solutions | More Information |
|---|---|---|
| Administrative Safeguards HIPAA Security Rule 164.308 | | |
| § 164.308(a)(1)(ii)(B) Risk management (required) Implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level. Reasonable and appropriate refers to ensuring the confidentiality, integrity, and availability of all electronic protected health information, providing protection against reasonably anticipated threats and protecting against reasonably anticipated uses of electronic protected health information (EPHI) that are not permitted. | Managing risk, protecting information, and preventing security threats requires a multilevel solution and approach. Check Point perimeter, internal, Web, and endpoint solutions provide a comprehensive, integrated solution for detecting, preventing, and mitigating known and new security threats. | |
| § 164.308(a)(1)(ii)(D) Information system activity review (required) Implement procedures to regularly review information system activity, like audit logs, access reports, and security incident tracking reports. | Check Point management tools can log and report user access across Check Point and 3rd party gateways as well as log and report administrator changes on Check Point systems. Check Point Eventia enables administrators to test and monitor the enterprise security posture for significant events, intrusions, and anomalies. | |
| § 164.308(a)(3)(ii)(A) Authorization and/or supervision (addressable) Implement procedures for the authorization and/or supervision of staff who work with EPHI or in locations where it might be accessed. § 164.308(a)(4)(ii)(B) Access authorization (addressable) Implement policies and procedures for granting access to EPHI through a workstation, transaction, program, process, or other mechanism. § 164.308(a)(4)(ii)(C) Access establishment and modification (addressable) Implement policies and procedures for reviewing and modifying user access privileges. | Check Point's perimeter, internal, Web, and endpoint solutions allow for the creation of granular access and authorization rules. | § 164.308(a)(3)(ii)(A) |
| § 164.308(a)(3)(ii)(B) Workforce clearance procedure (addressable) Implement procedures to determine that access by staff to EPHI is appropriate. § 164.308(a)(3)(ii)(C) Termination procedures (addressable) Implement procedures for terminating access to EPHI when employees terminate employment. | User account management & authentication are an essential part of all Check Point solutions. Check Point access and authorization solutions support the appropriate screening process to ensure that access of staff is appropriate for their job function and removed upon staff termination. | |
| § 164.308(a)(4)(ii)(A) Isolating healthcare clearinghouse functions (required) Implement procedures that protect the EPHI of the clearinghouse from unauthorized access by the larger organization (in cases where the clearinghouse is a part of a larger organization). | Check Point's deep range of pure security product offerings has provided the industry's leading solution for network security challenges. Check Point enables the enterprise to conduct business in a controlled manner. | |
| § 164.308(a)(5)(ii)(A) Security reminders (addressable) Implement periodic security updates. | Check Point products provide the ability to deploy regular and real-time security updates across the enterprise. | |
| § 164.308(a)(5)(ii)(B) Protection from malicious software (addressable) Implement procedures for guarding against, detecting, and reporting malicious software. | Check Point solutions provide a comprehensive, integrated solution for detecting, preventing, and reporting malicious software passing through an organization's perimeter, internal, Web, or endpoint infrastructure. | |
| § 164.308(a)(5)(ii)(C) Log-in monitoring (addressable) Implement procedures for monitoring log-in attempts and reporting discrepancies. | Check Point management tools can log and report user access across Check Point and 3rd party gateways as well as log and report administrator changes on Check Point systems. Check Point Eventia enables administrators to test and monitor the enterprise security posture for significant events, intrusions, and anomalies. | |
| § 164.308(a)(5)(ii)(D) Password Management (addressable) Implement procedures for creating, changing, and safeguarding passwords. | Check Point solutions enable and encourage customers to implement secure passwords before deployment. | |
| § 164.308(a)(6)(ii) Security incident response and reporting (required) Implement policies and procedures to identify and respond to suspected or known security incidents, mitigate harmful effects, and document incidents and outcomes. | Many Check Point solutions enable administrators to define and monitor enterprise security incidents so they can be prevented or treated upon discovery. | |
| § 164.308(a)(7)(ii)(B) Disaster recovery plan (required) Implement procedures to restore any loss of data. | Check Point perimeter, internal, Web, and endpoint solutions provide several features to minimize the effects of infrastructure disaster. | |
| § 164.308(a)(7)(ii)(C) Emergency mode operation plan (required) Implement procedures to enable continuation of critical business processes for protection of EPHI while in emergency mode. | Check Point products enable enterprises to continue conducting business even during cases of emergency. | |
| § 164.308(b)(1) Business associate contracts and other arrangements A covered entity may permit a business associate to create, receive, maintain, or transmit EPHI only if the covered entity obtains satisfactory assurances that the business associate will safeguard the information. | Check Point perimeter, internal, Web, and endpoint solutions can aid business associates in demonstrating security and risk mitigation controls required by a covered entity when they receive, maintain, or access EPHI. | |
| Technical Safeguards HIPAA Security Rule 164.312 | | |
| § 164.312(a)(2)(i) Unique user identification (required) Assign unique names/numbers for identifying and tracking user identities. | Check Point's perimeter, internal, Web, and endpoint solutions allow for the creation of granular access and authorization rules. | |
| § 164.312(a)(2)(ii) Emergency access procedure (required) Implement procedures for obtaining necessary EPHI during an emergency. | Check Point solutions enable access to EPHI anywhere, anytime, even during emergencies. | |
| § 164.312(a)(2)(iii) Automatic logoff (addressable) Implement procedures to terminate an electronic session after a predetermined time of inactivity. | Check Point solutions require termination of electronic sessions after predefined periods of inactivity. | |
| § 164.312(a)(2)(iv) Encryption and decryption (addressable) Implement a mechanism to encrypt and decrypt EPHI. | Check Point offers comprehensive solutions for the encryption and decryption of data at rest or in transit. | |
| § 164.312(b) Audit controls Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use EPHI. | Check Point Eventia enables administrators to audit, test, and monitor the enterprise security posture for significant events, intrusions, and anomalies. | |
| § 164.312(c)(1) Integrity (addressable) Implement procedures to protect EPHI from improper alteration or destruction. | Check Point intrusion prevention technologies provide controls to limit user ability to hijack and maliciously use application commands to alter or delete data for which they have no authorization. | |
| § 164.312(d) Person or entity authentication (required) Implement procedures to verify the identity of a person or entity seeking access to EPHI. | User account management & authentication are an essential part of all Check Point solutions. Check Point access and authorization solutions support the appropriate screening process to ensure that access of staff is appropriate for their job function and removed upon staff termination. | |
| § 164.312(e)(2)(i) Transmission security integrity controls (addressable) Implement security measures to ensure that electronically transmitted EPHI is not improperly modified. Recommends the use of network communications protocols. § 164.312(e)(2)(ii) Encryption (addressable) Encrypt EPHI when transmitted over a communications network. | Check Point's remote access solutions, VPN-1 and Connectra, provide strong encryption for data during transmission over open networks using standards-based encryption protocols. | |
More About HIPAA: