This blog is part of a series of posts to highlight how our flagship cybersecurity product, Covalence, can help our customers attain their compliance goals. Whether it’s to mitigate risks, maintain a cyber insurance policy, or fulfill a contractual requirement, we know how important it is for businesses to adhere to industry-standard compliance frameworks.
HIPAA modernized the flow of healthcare information and stipulated how personally identifiable information maintained by the healthcare and health insurance industries should be protected from fraud and theft. HIPAA applies to most people and companies that use and access the Protected Health Information (PHI) of patients treated inside the USA, regardless of citizenship.
While HIPAA applies equally to physical records like medical charts, today most healthcare clinics and organizations are taking advantage of modern computing and digitizing patient information into Electronic Protected Health Information (EPHI).
EPHI has revolutionized how you track and deliver care to patients, but it has also opened sensitive data to a whole new range of threats, from malicious hackers to accidental disclosures. Regardless of size, your organization holds important client and organizational data that has real value to threat actors.
To combat these threats, it's important that you have policies, procedures, and technical safeguards in place to ensure the confidentiality, integrity, and availability of the EPHI under your control.
How Covalence helps secure private data
Field Effect’s Covalence is the ideal solution to rise to the challenge of thwarting hackers while maintaining HIPAA compliance. Here's how.
One section of the HIPAA legislation compels holders of EPHI to “protect against any reasonably anticipated threats or hazards to the security or integrity of protected electronic health information”. Most healthcare organizations don’t have the time or resources to monitor the rapidly evolving cyber threat landscape. That’s why Covalence employs industry-standard indicators of compromise (IOCs) along with our own threat intelligence to identify malicious systems, domains, botnets, ransomware, and other threats to our customers’ environments and patient data.
Another section of the legislation states that EPHI holders must “identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate”. Powered by sophisticated technology that monitors for cybersecurity threats on the endpoint, network, and cloud, Covalence reports on incidents that matter, without the deluge of threat alerts common to nearly all other cybersecurity products. In addition, Covalence can take action to lock cloud accounts and isolate systems to stop breaches before they impact EPHI.
Integrated ARO mappings
Covalence delivers reporting to our customers through our proprietary threat alerting system of Actions, Recommendations, and Observations (AROs). AROs provide high-confidence alerts combined with actionable insights that allow organizations to easily understand the response required.
Covalence users can enable their AROs to contain insights and mappings to the compliance frameworks they care most about. Reach out to our team to learn what mappings are available now.
Here’s an example of a Field Effect Insight:
Learn more about Covalence & HIPAA compliance
We've created an easy-to-read mapping guide for HIPAA, which shows how Covalence can help our customers fulfill specific sections of the standard. This document is a great starting point to help you better understand the regulatory compliance landscape but, because every organization is different, we still recommend consulting with a regulatory auditor for your specific requirements.