HIPAA Security Rule Compliance Reporter

The HIPAA Security Rule Compliance Reporter™ (HSCR) deploys state-of-the-art enterprise risk management technology to allow you to meet the HIPAA Security Rule requirements for hospitals and their business associates. The software supports SCAP vulnerability scan data uploads and direct input or uploads of syslog data from perimeter security devices. Policy inputs include HIPAA-specific questions and enhanced reporting. The HSCR console enables the monitoring of the HIPAA security rule compliance status of each business associate. The console gives the hospital a real-time display of the HIPAA security rule compliance status of all active business associates as described in NIST 800-66.

Fig. 1 - HIPAA Security Rule Compliance Reporter Data Entry Screen

HSCR Benefits

  • We read the regulations, so you don't have to!
  • Compliance limits liability
  • Annual subscription-based program
  • Protects your data
  • Auditable reports
  • Uses approved NIST methods
  • Automates time-consuming processes
  • Automates extraction of syslog data

HSCR Features

  • Roadmap to full HIPAA compliance
  • Continuously updated using Federal standards
  • Software as a Service (SaaS)
  • Secure Input (SSL)
  • Encrypted Storage of input data
  • Encrypted PDF Reports
  • Supports SCAP vulnerability scan import
  • Supports IPS/AV upload

Achieving HIPAA Security Rule Compliance

  1. Scan the computer network using an SCAP validated vulnerability scanner.
  2. Conduct a risk assessment using the NIST 800-30 protocol.
  3. Implement safeguards to protect against the risks identified during the risk assessment and SCAP vulnerability scan.

How it works - the technology

The overall ACR2 automated risk management process is shown in Figure 2. IPS and Anti-Virus data, network scan data, and policy data are input into the Risk Calculation Engine. This creates the Results Documentation Report and the Control Recommendations Report. The changes in controls are implemented and the changes are added to the risk engine, along with updated Scan and IPS/AV data. This cycle can be repeated as often as daily, with reports on demand, on schedule or on alarm.

Fig. 2 - HIPAA Compliance Methodology

Enterprise Compliance Console for HIPAA™

The enterprise management compliance package includes a console that allows hospitals or distributed health care enterprises to access and view the HIPAA security rule compliance status of all of their business associates. This uses an implementation of technology developed under the sponsorship of the US Department of Homeland Security. The console allows the hospital to review and display the HIPAA security rule compliance status of each or all active business associates that have been configured and authorized for access.

Fig. 3 - HIPAA Compliance Console

Glossary of Abbreviations

  • AV - Anti-Virus
  • IPS - Intrusion Prevention System
  • NIST - National Institute of Standards and Technology
  • SCAP - Security Content Automation Protocol
  • Syslog - System Log output from security devices
  • UTM - Unified Threat Management System

Model / Part Number    Product Name
CCC-HIPAAunlim-1Y      HIPAA Security Rule Compliance Reporter™
CCC-HIPAA-1Y           Enterprise Compliance Console for HIPAA™

Copyright © 2006-2017 ACR 2 Solutions. All rights reserved.