Consul Risk Management Releases HIPAA Compliance Module

Software firm releases add-on for its Insight Security Manager to directly deal with challenges of health information compliance laws


Consul risk management, Inc., the worldwide provider of security event audit and compliance solutions for the enterprise, today announced a new Regulatory Compliance Management Module to help organizations comply with the HIPAA Security Rule. The new HIPAA Regulatory Compliance Management Module for Consul InSight Security Manager 5.0 (Consul InSight) provides vital capabilities for compliance with HIPAA. With the HIPAA Regulatory Compliance Management Module, Consul InSight helps organizations tackle the HIPAA Security Rule's audit and risk assessment requirements by continually auditing user behavior and data access for policy compliance. This is critical as the April 2005 deadline for HIPAA security compliance approaches.

"Organizations are grappling with looming deadlines for HIPAA compliance, and many are baffled about how to achieve it," said Joseph Sander, president and CEO of Consul. "Audit and risk assessment play critical roles in the regulation; Consul has been assisting companies with these issues for more than two decades. With the addition of the HIPAA Regulatory Compliance Management Module, Consul InSight is making it even easier for organizations affected by HIPAA to demonstrate compliance within the deadline and maintain these security/privacy processes."

"Consul InSight helps fulfill our HIPAA audit and logging requirements by archiving audit logs and monitoring root and administrator account usage," said Rob Hoffpauir, senior systems engineer at Louisiana Health Service & Indemnity Company. "Not only does Consul InSight assist with HIPAA compliance, but it also helps us to meet our internal audit requirements by monitoring, archiving and investigating security events throughout the enterprise."

HIPAA: Challenging Requirements, Looming Deadlines

Finalized in 2003 to improve the overall security of healthcare information systems and protect patient's privacy, the Health Insurance Portability and Accountability Act of 1996 (HIPAA)'s Final Security Rule contains a looming April 2005 deadline. All impacted health care organizations must have plans to ensure the confidentiality, integrity and availability of protected health information that a covered entity receives, maintains or transmits. Two of the more challenging requirements in the Security Rule involve audit and control, and risk assessment. Organizations need to select a compliance approach that not only allows them to meet the April 2005 deadline, but also enables them to maintain compliance going forward.

Meeting HIPAA Auditing, Logging and Risk Management Requirements

The HIPAA Regulatory Compliance Management Module is an integrated add-on to Consul InSight. Consul InSight helps organizations meet HIPAA's audit and logging requirements by collecting and centralizing security log data from heterogeneous sources, filtering collected information against security policy and automatically triggering appropriate actions and alerts upon detecting suspicious activities. In addition, Consul InSight archives normalized log data for forensic review and provides consolidated viewing and reporting through a central dashboard.

This content continues onto the next page...