HIPAA Compliance Checklist Software Solutions
Avatier Identity Management Software (AIMS) Unifies HIPAA HITECH Compliance
Avatier Identity Management Software (AIMS) Suite delivers a unified framework for HIPAA HITECH compliance regulations 164.308, 164.310 and 164.312. AIMS HIPAA compliance software manages employees, contractors, service providers, clinics, laboratories and imaging center user access and governance. AIMS identity manager automates terminations, access management and facility access controls.
HIPAA Citation | Security Specification | AIMS | Description |
---|---|---|---|
164.308(a)(1)(i) | Security Management Process | Identity Enforcer | Automate policies and procedures for managing security violations. |
164.308(a)(1)(ii)(A) | Risk Analysis | Balanced Scorecard | Graphically represent vulnerability assessments, trends and analytics. |
164.308(a)(1)(ii)(B) | Risk Management | Balanced Scorecard | Track activities like patch management, vulnerability management, asset management and help desk to reduce security risks. |
164.308(a)(1)(ii)(C) | Sanction Policy | Identity Enforcer | Automate security policies for individual and group document management and record violations. |
164.308(a)(1)(ii)(D) | Information System Activity Review | Identity Analyzer | Automatically review system activity log aggregations, analysis, event management and user account management. |
164.308(a)(2) | Assigned Security Responsibility | Identity Enforcer | Identify security authorities for policies and procedures to establish an automated workflow approval hierarchy. |
164.308(a)(3)(i) | Workforce Security | Identity Enforcer | Automate policies and procedures to ensure appropriate PHI access through automated workflow approvals. |
164.308(a)(3)(ii)(A) | Authorization and/or Supervision | Identity Enforcer | Automate access management authorization through role-based access control and automated policy enforcement. |
164.308(a)(3)(ii)(C) | Termination Procedures | Identity Enforcer | Automate security policy management of user account terminations to prevent PHI access breeches. |
164.308(a)(4)(i) | Information Access Management | Identity Enforcer | Automates authorization and access controls to systems. |
164.308(a)(4)(ii)(B) | Access Authorization | Identity Enforcer | Apply role-based access control to automate policies and procedures for access to systems. |
164.308(a)(4)(ii)(C) | Access Establishment and Modification | Identity Enforcer | Automate security policies for granting access to PHI document management systems. |
164.308(a)(5)(ii)(A) | Security Reminders | Group Enforcer | Distribute security updates via sign-on screen, screen savers, monthly memos, e-mail and banners. |
164.308(a)(5)(ii)(D) | Password Management | Password Station | Automate enterprise password management procedures. |
164.308(a)(6)(i) | Security Incident Procedures | Identity Analyzer | Automate policies and procedures to manage, automatically detect, report and respond to security incidents. |
164.308(a)(7)(ii)(E) | Applications and Data Criticality Analysis | Identity Enforcer | Automate system identity management and asset management controls. |
164.308(a)(8) | Evaluation | Compliance Auditor | Perform perpetual compliance assessment and security evaluations. |
164.310(a)(1) | Facility Access Controls | Identity Enforcer | Automate facility access policies and procedures to limit access to systems and facilities. |
164.310(a)(2)(ii) | Facility Security Plan | Identity Enforcer | Automate policies and procedures for access to server farms, equipment and smart card network access. |
164.310(a)(2)(iii) | Access Control and Validation Procedures | Password Station | Authenticate card readers, locks, biometrics, badges and tokens. |
164.310(a)(2)(iv) | Maintenance Records | Balanced Scorecard | Monitor, track & course correct security actions, policies & procedures. |
164.310(c) | Workstation Security | Password Station | Enforce physical safeguards for workstation access. |
164.312(a)(1) | Access Control | Identity Enforcer | Automate and enable self-service administration of access management policies and procedures. |
164.312(a)(2)(i) | Unique User Identification | Identity Enforcer | Assign unique IDs to support identity management, password management and group management automation. |
164.312(b) | Audit Controls | Identity Analyzer | Automate log aggregation, analysis & security event management reports. |
164.312(c)(1) | Integrity | Identity Analyzer | Automate system alerts. Detect suspicious activity. Safeguard against unauthorized use. |