Consul Risk Management Releases HIPAA Compliance Module

Sept. 30, 2004
Software firm releases add-on for its Insight Security Manager to directly deal with challenges of health information compliance laws

Consul Risk Management, Inc., the worldwide provider of security event audit and compliance solutions for the enterprise, today announced a new Regulatory Compliance Management Module to help organizations comply with the HIPAA Security Rule. The new HIPAA Regulatory Compliance Management Module for Consul InSight Security Manager 5.0 (Consul InSight) provides vital capabilities for compliance with HIPAA. With the HIPAA Regulatory Compliance Management Module, Consul InSight helps organizations tackle the HIPAA Security Rule's audit and risk assessment requirements by continually auditing user behavior and data access for policy compliance. This is critical as the April 2005 deadline for HIPAA security compliance approaches.

"Organizations are grappling with looming deadlines for HIPAA compliance, and many are baffled about how to achieve it," said Joseph Sander, president and CEO of Consul. "Audit and risk assessment play critical roles in the regulation; Consul has been assisting companies with these issues for more than two decades. With the addition of the HIPAA Regulatory Compliance Management Module, Consul InSight is making it even easier for organizations affected by HIPAA to demonstrate compliance within the deadline and maintain these security/privacy processes."

"Consul InSight helps fulfill our HIPAA audit and logging requirements by archiving audit logs and monitoring root and administrator account usage," said Rob Hoffpauir, senior systems engineer at Louisiana Health Service & Indemnity Company. "Not only does Consul InSight assist with HIPAA compliance, but it also helps us to meet our internal audit requirements by monitoring, archiving and investigating security events throughout the enterprise."

HIPAA: Challenging Requirements, Looming Deadlines

Finalized in 2003 to improve the overall security of healthcare information systems and protect patients' privacy, the Final Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) carries a looming April 2005 deadline. All impacted health care organizations must have plans to ensure the confidentiality, integrity and availability of protected health information that a covered entity receives, maintains or transmits. Two of the more challenging requirements in the Security Rule involve audit and control, and risk assessment. Organizations need to select a compliance approach that not only allows them to meet the April 2005 deadline, but also enables them to maintain compliance going forward.

Meeting HIPAA Auditing, Logging and Risk Management Requirements

The HIPAA Regulatory Compliance Management Module is an integrated add-on to Consul InSight. Consul InSight helps organizations meet HIPAA's audit and logging requirements by collecting and centralizing security log data from heterogeneous sources, filtering collected information against security policy and automatically triggering appropriate actions and alerts upon detecting suspicious activities. In addition, Consul InSight archives normalized log data for forensic review and provides consolidated viewing and reporting through a central dashboard.

The HIPAA Security Rule specifies that covered entities must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information held by the covered entity. With this risk assessment being so fundamental to HIPAA compliance, organizations must quickly align the reality of their business operations with their information protection and compliance requirements. Consul InSight provides organizations with a quick and accurate way to baseline users and IT assets, benchmark access behavior, establish access policy, and identify and report policy exceptions.

Consul InSight uses its patent-pending W7 methodology (Who did What, When, Where, Where from, Where to and on What) to consolidate, normalize and analyze vast amounts of user and system activity, delivering instant alerts and reports on who touched what information and how those actions may violate external regulations or internal security policies. By comparing user activity to customizable HIPAA policy templates, Consul InSight accelerates organizations' HIPAA compliance efforts. Implementation of Consul InSight accelerates compliance in the following ways:

1. Specific recommendations for audit and alert configuration allow for the proper generation of information needed for security event management. This audit trail of all network activity easily highlights events that violate HIPAA security policy.

2. Customizable security policies that are designed to enable compliance with HIPAA.

3. Real-time alerts and 100-plus compliance-relevant reports enable organizations to track, measure and resolve security breaches related to HIPAA-relevant data.

4. Guidelines and technology for archiving crucial security log information to meet security best practices that are relevant to HIPAA, as well as other standards, such as ISO17799 and COBIT.

5. Forensic capabilities provide drill-down, cross-platform investigative functionality to simplify the required investigation of HIPAA-related security events.

More information about how the new HIPAA Regulatory Compliance Management Module for Consul InSight facilitates HIPAA Security Compliance is available online at: www.consul.com.

Pricing and Availability

The HIPAA Regulatory Compliance Management Module for Consul InSight will be available at the end of 2004. Pricing will start at $30,000.