Overview
Complying With HIPAA
The Department of Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to ensure that personal information stored, accessed, or processed adheres to a set of guidelines or “security rules”. These rules outline security measures that should be implemented to adequately secure all electronic protected health information (EPHI). The Secretary of Health and Human Services enforces this law. Non-compliance can lead to civil monetary penalties and public distrust.
The collection, management, and analysis of log data is integral to meeting many HIPAA requirements. The use of LogRhythm directly meets some requirements and decreases the cost of complying with others. IT environments consist of heterogeneous devices, systems, and applications all reporting log data. Millions of individual log entries can be generated daily if not hourly. The task of organizing this
information can be overwhelming in itself.
The additional requirements of analyzing and reporting on log data render manual processes or homegrown remedies inadequate and costly.
