Solved

What software do you use to provide auditing and compliance reporting on file access?

Posted on 2014-09-29
Last Modified: 2016-07-16
I need to provide audit compliance for PHI information in a non-profit setting.  I am concerned about log size and retention, ease of reporting and load on the network. Do you have any suggested products or procedures?
Question by:cjrmis
Accepted Solution

by:
btan earned 500 total points
ID: 40351575
May be interested in

identityfinder - http://www.identityfinder.com/us/Business/Solutions/Compliance/HIPAA
http://www.identityfinder.com/kb/Enterprise-Documentation/59105
The attached tool, "Identity Finder Console Database Sizing Tool," will assist in planning for the appropriate amount of database disk space. This tool can also be used over time to import statistical data from a console database and provide more accurate sizing information.

The required hardware for the console is dependent upon a variety of factors, such as the number of endpoints reporting into the console, the amount of data found on each of the endpoints, the number of searches performed within a time period, and the amount of time the data will be kept online (the console can only report on the data that is kept online in the database).

If you have SQL Server, note that it inherently provides a number of compliance tools that you can take advantage of to secure and audit your database and data.
There's a Compliance page (http://www.microsoft.com/sqlserver/2008/en/us/compliance.aspx) on the SQL Server site.
Also, Microsoft has in the past written a Compliance whitepaper (http://www.microsoft.com/en-us/download/details.aspx?id=6808) that will get you started.
There are further third-party auditing packages available for SQL Server. Some include Blackbird Auditor and OmniAudit, but they may be too costly for your use case - they have search terms for SQL Server auditing HIPAA compliance. Another is ManageEngine - you can check the page for report coverage (http://www.manageengine.com/products/eventlog/hipaa-compliance-reports.html)

The info shared in the deck can help as guidance (see "What Your Nonprofit Needs to Do about HIPAA – Now", pg39)

http://www.venable.com/files/Event/9864b32e-8a4c-4a17-a0e4-78bb2c5baa9f/Preview/EventAttachment/06f240f8-d065-4a5d-bfab-f7282f825154/The_Road_Map_to_HIPAA_Compliance_What_Your_Nonprofit_Needs_to_Know_handouts.pdf

Fundamentally, knowing the security rule is critical:

What is the HIPAA Security Rule? The Security Rule establishes standards to protect electronic PHI (e-PHI) that is created, received, used, or maintained by a covered entity and, now, a business associate. These entities must ensure the confidentiality, integrity, and availability of e-PHI; identify and protect against reasonably anticipated threats to the security or integrity of the information; protect against reasonably anticipated impermissible uses or disclosures; and ensure compliance by their workforce. Among other requirements, an entity must have a Security Officer, adopt policies and procedures, and conduct a thorough assessment of the risks and vulnerabilities of its e-PHI.
Expert Comment

by:btan
ID: 41713752
The tool identityfinder does find the PHI as asked in the question. Specifically
Identity Finder has specific technology for finding and protecting Patient Health Information.

Our proprietary algorithms perform a variety of real-time analytics to maximize accuracy and minimize false positives. In addition to Identity Finder's sophisticated search algorithms for finding social security numbers (SSNs), credit card numbers (CCNs), and other types of patient health information, Identity Finder provides a MultiFind mode to facilitate finding combinations of data.
http://www.identityfinder.com/us/HowItWorks/Identities/PHIdata

The remaining comments are more about alternatives and focus on compliance reporting for deployment. It will be good to contact sales support to sort the concerns out.

For consideration to accept the answers provided in this and ID: 40351575