HIPAA Compliance Checklist Software Solutions
Avatier Identity Management Software (AIMS) Unifies HIPAA HITECH Compliance
Avatier Identity Management Software (AIMS) Suite delivers a unified framework for HIPAA HITECH compliance regulations 164.308, 164.310 and 164.312. AIMS HIPAA compliance software manages employees, contractors, service providers, clinics, laboratories and imaging center user access and governance. AIMS identity manager automates terminations, access management and facility access controls.
| HIPAA Citation | Security Specification | AIMS | Description |
|---|---|---|---|
164.308(a)(1)(i) | Security Management Process |  | Automate policies and procedures for managing security violations. |
164.308(a)(1)(ii)(A) | Risk Analysis |  | Graphically represent vulnerability assessments, trends and analytics. |
164.308(a)(1)(ii)(B) | Risk Management | | Track activities like patch management, vulnerability management, asset management and help desk to reduce security risks. |
164.308(a)(1)(ii)(C) | Sanction Policy | | Automate security policies for individual and group document management and record violations. |
164.308(a)(1)(ii)(D) | Information System Activity Review |  | Automatically review system activity log aggregations, analysis, event management and user account management. |
164.308(a)(2) | Assigned Security Responsibility | | Identify security authorities for policies and procedures to establish an automated workflow approval hierarchy. |
164.308(a)(3)(i) | Workforce Security | | Automate policies and procedures to ensure appropriate PHI access through automated workflow approvals. |
164.308(a)(3)(ii)(A) | Authorization and/or Supervision | | Automate access management authorization through role-based access control and automated policy enforcement. |
164.308(a)(3)(ii)(C) | Termination Procedures | | Automate security policy management of user account terminations to prevent PHI access breeches. |
164.308(a)(4)(i) | Information Access Management | | Automates authorization and access controls to systems. |
164.308(a)(4)(ii)(B) | Access Authorization | | Apply role-based access control to automate policies and procedures for access to systems. |
164.308(a)(4)(ii)(C) | Access Establishment and Modification | | Automate security policies for granting access to PHI document management systems. |
164.308(a)(5)(ii)(A) | Security Reminders |  | Distribute security updates via sign-on screen, screen savers, monthly memos, e-mail and banners. |
164.308(a)(5)(ii)(D) | Password Management |  | Automate enterprise password management procedures. |
164.308(a)(6)(i) | Security Incident Procedures | | Automate policies and procedures to manage, automatically detect, report and respond to security incidents. |
164.308(a)(7)(ii)(E) | Applications and Data Criticality Analysis | | Automate system identity management and asset management controls. |
164.308(a)(8) | Evaluation |  | Perform perpetual compliance assessment and security evaluations. |
164.310(a)(1) | Facility Access Controls | | Automate facility access policies and procedures to limit access to systems and facilities. |
164.310(a)(2)(ii) | Facility Security Plan | | Automate policies and procedures for access to server farms, equipment and smart card network access. |
164.310(a)(2)(iii) | Access Control and Validation Procedures | | Authenticate card readers, locks, biometrics, badges and tokens. |
164.310(a)(2)(iv) | Maintenance Records | | Monitor, track & course correct security actions, policies & procedures. |
164.310(c) | Workstation Security | | Enforce physical safeguards for workstation access. |
164.312(a)(1) | Access Control | | Automate and enable self-service administration of access management policies and procedures. |
164.312(a)(2)(i) | Unique User Identification | | Assign unique IDs to support identity management, password management and group management automation. |
164.312(b) | Audit Controls | | Automate log aggregation, analysis & security event management reports. |
164.312(c)(1) | Integrity | | Automate system alerts. Detect suspicious activity. Safeguard against unauthorized use. |