Guest Column | March 17, 2016

Using SIEM Technology To Streamline HIPAA Compliance


By Adron Beene, General Counsel and Compliance Officer, Proficio

There are 154 separate requirements underlying the HIPAA security standard, each with defined audit procedures. Addressing and continually monitoring each of these requirements individually is an enormous task for any security officer, and working through every audit procedure while producing the proper documentation can be daunting. SIEM technology allows most of these risks to be identified, addressed, monitored, and documented from a single place.

SIEM technology collects security events from across an organization's devices and automatically cross-correlates the activity. HIPAA-specific use cases built into the SIEM tool allow ePHI risks to be displayed in dashboards, channels, or reports.

For example, logon events from a Windows Active Directory domain controller can be correlated against access events from a badge reader system. Where an employee with credentials to a system containing ePHI logs on, but the recent access logs from the badge reader system show no matching entry for that employee, an alert is sent to the Security Officer.

This alert contains actionable information that allows fast remediation of a potential compliance issue. If the Security Officer wishes to look deeper, they can open a web-based portal to the SIEM, verify both the logon and the badge reader activity, and quickly resolve a potential violation of the Access Control and Validation Procedures specification (Physical Safeguards, 45 CFR §164.310(a)(2)(iii)). If audited, a report can be run to show this event, and a case linking to the base events is accessible through the web interface.
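To make the correlation concrete, here is an added example of that use case written as a stand-alone script; it is not code from the original column or from any Proficio product. The ePHI host list, user names, badge-reader lines, the 12-hour badge window and the Windows logon types treated as "at the console" are all assumptions for illustration. It reads constructed Active Directory logon records (modelled on the fields of Security event 4624) and badge-reader records, and raises an alert for any console logon to an ePHI system by a user who has no recent badge-in on record, or whose last badge event was a badge-out.

```python
"""Correlate Windows AD console logons on ePHI systems with badge-reader entries.

Added example, not from the original column or any vendor product. All events
below are constructed sample data; host names, users and thresholds are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Hosts that the (assumed) asset inventory tags as holding ePHI.
EPHI_HOSTS = {"EHR-APP01", "PACS-DB02"}

# Windows logon types that imply the user is physically at a keyboard:
# 2 = Interactive, 7 = Unlock, 11 = CachedInteractive.
# Network (3) and RemoteInteractive/RDP (10) are excluded on purpose: a remote
# session does not require a badge swipe, so correlating it would only add noise.
CONSOLE_LOGON_TYPES = {2, 7, 11}

# Assumed: a badge-in older than this no longer vouches for presence.
BADGE_WINDOW = timedelta(hours=12)


@dataclass
class LogonEvent:          # subset of Security event 4624 fields
    ts: datetime
    user: str
    host: str
    logon_type: int


@dataclass
class BadgeEvent:
    ts: datetime
    user: str
    door: str
    direction: str         # "in" or "out"


@dataclass
class Alert:
    user: str
    host: str
    logon_ts: datetime
    reason: str
    base_events: list      # the raw events an auditor would want linked to the case


# Constructed sample data (not real logs): "timestamp user host logon_type".
RAW_LOGONS = """\
2016-03-16T08:05:00 jsmith EHR-APP01 2
2016-03-16T08:10:00 mlee PACS-DB02 2
2016-03-16T08:20:00 rpatel EHR-APP01 10
2016-03-16T08:30:00 akim EHR-APP01 2
2016-03-16T08:40:00 jsmith FILESRV01 2
2016-03-16T23:00:00 jsmith EHR-APP01 7
"""
# Constructed sample data: "timestamp user door direction".
RAW_BADGES = """\
2016-03-15T06:00:00 mlee MAIN-LOBBY in
2016-03-15T18:00:00 mlee MAIN-LOBBY out
2016-03-16T07:58:00 jsmith MAIN-LOBBY in
"""


def parse_logons(text: str) -> List[LogonEvent]:
    out = []
    for line in text.splitlines():
        ts, user, host, ltype = line.split()
        out.append(LogonEvent(datetime.fromisoformat(ts), user, host, int(ltype)))
    return out


def parse_badges(text: str) -> List[BadgeEvent]:
    out = []
    for line in text.splitlines():
        ts, user, door, direction = line.split()
        out.append(BadgeEvent(datetime.fromisoformat(ts), user, door, direction))
    return out


def last_badge_event(user: str, before: datetime, badges: List[BadgeEvent]) -> Optional[BadgeEvent]:
    """Most recent badge event for `user` at or before `before`, or None."""
    prior = [b for b in badges if b.user == user and b.ts <= before]
    return max(prior, key=lambda b: b.ts) if prior else None


def correlate(logons: List[LogonEvent], badges: List[BadgeEvent]) -> List[Alert]:
    """Return one Alert per console logon to an ePHI host lacking a valid badge-in."""
    alerts = []
    for lg in sorted(logons, key=lambda e: e.ts):
        if lg.host not in EPHI_HOSTS or lg.logon_type not in CONSOLE_LOGON_TYPES:
            continue                       # not in scope for a physical-presence check
        b = last_badge_event(lg.user, lg.ts, badges)
        if b is None or b.direction == "out":
            reason = "no badge-in on record before console logon"
        elif lg.ts - b.ts > BADGE_WINDOW:
            reason = f"last badge-in is {lg.ts - b.ts} old (window {BADGE_WINDOW})"
        else:
            continue                       # badged in recently: logon is consistent
        alerts.append(Alert(lg.user, lg.host, lg.ts, reason, [lg] + ([b] if b else [])))
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_logons(RAW_LOGONS), parse_badges(RAW_BADGES)):
        print(f"{a.logon_ts:%Y-%m-%d %H:%M} {a.user}@{a.host}: {a.reason} "
              f"[164.310(a)(2)(iii), {len(a.base_events)} base events]")
```

On the sample data this fires three times: a user whose last badge event was a badge-out the previous evening, a user with no badge history at all, and a user whose morning badge-in is too old to vouch for a late-night console logon; the RDP logon and the logon to a non-ePHI file server are correctly ignored. In production the badge window, the set of logon types and the door list all need tuning to the facility (shared workstations, tailgating and doors without readers are the usual sources of false positives), and every alert keeps the base events attached so the case can be shown to an auditor.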

Use cases such as the above example can be created for the majority of the Security Standards.

The framework for ePHI compliance can be built into the structure of the SIEM content, so that compliance can be reviewed standard by standard. Reviewing the reports, dashboards, and channels organized by Security Standard allows a Security Officer to identify compliance gaps and monitor their remediation.

Having the right security architecture is critical to a successful HIPAA compliance solution, and the solution must be tailored to the security devices an organization actually has. There will rarely be a one-size-fits-all solution for protecting ePHI. The above example requires both Active Directory and a badge reader system that can transmit logs, both of which are common in healthcare organizations.

One less common security system is data loss prevention (DLP). Several of the HIPAA security requirements can be met with a DLP system, and healthcare organizations that have not built this critical part of securing ePHI into their security architecture will have a difficult time meeting some of the standards.

SIEM technology allows for more than just visibility and reporting. Incoming events, like the example above, need to be monitored in real time so that the threat can be properly escalated and remediated before data is lost. If the Security Officer is only able to review events a few times a day, the data could be well out of the building before the threat is identified. This is where 24x7 monitoring and alerting by a team of security analysts is invaluable to ensuring compliance. Visibility and reporting are very helpful for showing compliance status, but to actually maintain compliance and secure ePHI, actionable alerts delivered in near real time can prevent the loss of ePHI in the first place.

Proficio provides a complete HIPAA compliance solution for protecting ePHI. We provide the framework, devices, security tools, SIEM, and real time 24x7 monitoring your healthcare organization needs to secure patient data.

About The Author
Adron is an attorney with years of hands-on experience with SIEM technology. He is responsible for Proficio's internal compliance, including BAAs. He also works directly with customers to develop compliance solutions.

Note: nothing in this blog post is legal advice or shall be construed as such.