HIPAA requires activity monitoring and access auditing for informational systems (defined as hardware, software, data, etc.) directly:
– 164.308. II D – implement procedures to regularly review records of information system activity (…);
TEMASOFT FileMonitor can provide insight into the data-related activities necessary for compliance reporting.
Some HIPAA requirements do not directly ask for monitoring specific activities, but they do require implementation of security controls and insist on ensuring (as an ongoing process) that the policies are in place and effective. TEMASOFT FileMonitor can deliver proof that the policies are in place, or alerts when breaches are detected, by continuously monitoring access to files and analyzing data access patterns.
It is nearly impossible to prevent, detect, contain and correct security violations involving files (data leakage, data loss, misuse, etc.) if there is no information on how these files are being used. File access monitoring tools not only provide insight into how data is being used but can also detect suspicious activity and alert on operations that can expose or endanger the data.
Any risk analysis on data leakage or data loss (involving ePHI) cannot be conducted without knowing where the data resides, who accesses it and how.
Performing such procedures is done by using the authentication and authorization mechanisms of the IT systems. However, enforcing these controls and ensuring that the current settings are correct and the policies are being applied, requires constant monitoring.
Although HPAA requires that activities, in general, are reviewed, and access to ePHI should be given on a need-to-have basis, it does not have specific requirements for monitoring what authorized users do with the files they access. Other HIPAA requirements that enforce risk assessment imply that organizations have enough knowledge about how files are manipulated to conduct the evaluation, and this involves authorized use as well.
Tax fraud incidents with information stolen from healthcare organization are on the rise. An example can be found here: https://www.databreaches.net/palm-beach-county-health-department-employee-arrested-for-stealing-2800-patients-information-for-tax-refund-fraud/
This example shows how either authorized persons took information or made it available to unauthorized colleagues who in turn, stole information further used in tax fraud activities.
An example of deliverable: Get a report with all files accessed by the clerk at the front desk.
Example of deliverable: Get a report on how ePHI data moves from authorized to non-authorized internal users (track internal copy operations, get alerts when users other than authorized use sensitive files;
File monitoring solutions that also collect information about the processes manipulating files, and can tag and follow up on files, can be of great help in detecting file operations aimed at hiding the nature of the contained information. Such actions include file archiving, renaming, content modifications, etc. Ability to get an alert on such suspicious activity is important to reduce the risk of information theft by malicious employees.
Ransomware is a major issue for healthcare and single layered security approaches based just on anti-virus engines have failed in numerous cases. Starting with the next release, TEMASOFT FileMonitor can detect ransomware in seconds, significantly reducing the risk of downtime and data loss for healthcare organizations. Its reactivity features allow code execution on detection, enabling immediate corrective measures. This functionality works best as a second layer of security, along with the AV solutions and can integrate when needed: i.e. if ransomware detection identifies ransomware activity, it can trigger an AV quarantine on the malicious process using AV command line, without the AV detecting the process as malicious in the first place.
For more information about the next version of TEMASOFT FileMonitor and how it can help healthcare organizations, follow us on LinkedIn or subscribe to our newsletter.
This post was last modified on August 21, 2023 7:27 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…