How To Cover HIPAA Security Rule Regarding Audit Trail

HIPAA, the US healthcare regulation, has some rigid requirements about data security and privacy. That aligns perfectly with LogSentinel’s mission so we decided to help our customers in their HIPAA compliance efforts by providing a clear mapping between HIPAA requirements and LogSentinel SIEM’s functionality.

#RequirementLogSentinel SIEM Functionality
 §164.312. Technical safeguards
1.(b) Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.LogSentinel SIEM provides an collector software to track activity in information systems based on text logs files, database logs and other possible sources.
2.(c) (1) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.LogSentinel SIEM protects the integrity of data by cryptographic means based on blockchain. Protecting the audit trail on each record would in turn protect the integrity of the record itself.
3.(c) (2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.LogSentinel SIEM provides cryptographic proofs that data has not been modified or destroyed.

(2) Implementation specifications:

(i) Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.

LogSentinel SIEM provides cryptographic proofs that data has not been modified or destroyed. The proofs can be used via third party upon transmission to validate the integrity.
 §164.306 Security standards: General rules.
5.(a) (1) Ensure the confidentialityintegrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.LogSentinel SIEM guarnatees the integrity of all data that is stored in it either directly, or in the form of audit trail about creation and modification of records.

(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

LogSentinel SIEM provides cryptographic guarantees against threats to the integrity of data as well as an anomaly detection module to proactively alert about any potential security incident.
7.(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.LogSentinel SIEM keeps a secure log of all uses of protected information and therefore serves as a deterrent to unauthorized disclosures.
 HIPAA §164.308 Administrative safeguards.
8.(a) (1) (ii) (D) Information system activity review (Required). Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.

LogSentinel SIEM provides a convenient dashboard with BI capabilities to allow for easier review records of system activity.

It also provides an anomaly detection modules that automatically reviews all events and generates alerts in case of unusual sequence of events.

9.(a) (5) (i) (C) Log-in monitoring (Addressable). Procedures for monitoring log-in attempts and reporting discrepancies.LogSentinel SIEM has built-in audit events for authentication scenarios (logins, failed logins, login-as functionality) as well as anomaly detection on top of these attempts.
 §164.310 Physical safeguards.
10.(a) (2) (iv) Maintenance records (Addressable). Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks).LogSentinel SIEM can be used as a secure source of truth for all documented modifications and repairs to physical components.
11.(d) (2) (iii) Accountability (Addressable). Maintain a record of the movements of hardware and electronic media and any person responsible therefore.LogSentinel SIEM can be used as a secure source of truth for all movements of hardware and electronic media

Additionally, LogSentinel SIEM provides healthcare-specific logging endpoints that are compliant with various standards, like IHE, DICOM, and FHIR. Hospital and other healthcare systems can safely send their DICOM/FHIR compliant audit messages, or LogSentinel SIEM can collect them from their existing storage, and protect them in the most compliant way technically possible.

Ultimately, we hope that this table helps with understanding HIPAA compliance better in terms of data security. Healthcare data is indeed very sensitive and nothing but state-of-the-art technology should be employed to protect it. And not just for the sake of avoiding enormous HIPAA fines, but more importantly – for the sake of patients.

Like this article? Share it with your network!