Compliance Categories
Log data allows organizations to manage the extreme challenges of meeting major HIPAA implementation specifications. TIBCO LogLogic’s compliance reports and alerts satisfy the following categories:
Identity and Access
The LogLogic® Compliance Suite - HIPAA Edition includes reports and alerts to show that all HIPAA-related systems (that is, networks, applications, and databases) are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data.
The risks of non-compliance might result in unauthorized or inappropriate access to key systems, which may negatively impact the security, integrity, accuracy and completeness of healthcare information.
Monitoring and Reporting
The LogLogic® Compliance Suite - HIPAA Edition includes reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations. Reports are provided in a format meaningful to the stakeholders. The monitoring statistics should be analyzed and acted upon to identify negative and positive trends for individual services as well as for services overall.
The risks of non-compliance in this area could significantly impact service availability and security of the IT infrastructure, which may negatively impact the security, integrity, accuracy, and completeness of healthcare information.
Change Management
The LogLogic® Compliance Suite - HIPAA Edition includes reports and alerts to show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation in the production environment. These reports and alerts can also show that division of roles and responsibilities has been implemented to reduce the possibility of a single individual subverting a critical process. Management must make sure that the personnel are performing only authorized duties relevant to their respective jobs and positions.
The risks of non-compliance might result in unauthorized changes or an improper roll-out of new source code to key systems. This might negatively impact the security, integrity, accuracy, and completeness of healthcare information.
Security Management
The LogLogic® Compliance Suite - HIPAA Edition includes reports and alerts to show that all network security devices, including firewalls which control computer traffic into a company’s network, as well as IDS systems which monitor the computer traffic, have been configured appropriately to allow only the requested and approved traffic in and out of the network.
The risks of non-compliance may result in unauthorized access from the Internet. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.
Availability Management
The LogLogic® Compliance Suite - HIPAA Edition includes reports and alerts to monitor the availability of critical IT infrastructure components. Alerts can be set up to detect when critical components are sending an abnormal amount of log data, which could indicate attacks on the component or system errors, or have stopped sending log data, which could indicate failure of these components.
The risk of non-compliance could significantly impact the business viability and could prevent an organization from recording healthcare transactions and thereby undermine its integrity.
Continuity Management
The LogLogic® Compliance Suite - HIPAA Edition includes reports and alerts to monitor that data are backed up on a regular basis. Reports can be automatically generated to ensure that backups and restores are performed successfully. Deficiencies in this area could impact the resilience of the infrastructure and the availability of critical resources.