Health Insurance Portability and Accountability Act (HIPAA) compliance requires a combination of trained staff and management, together with strong policies and industry-leading technology. The Department of Health and Human Services (HHS) has provided a framework of control objectives for measuring HIPAA compliance. Virtualization brings advantages both for supporting HIPAA controls and for measuring HIPAA compliance.
“HIPAA compliance is a requirement. By choosing Catbird, we’re keeping money in the company – avoiding fines and bad press.” Matthew Barrett, Jefferson Radiology
How Catbird Helps HIPAA Compliance
Catbird complements virtualization technologies by providing comprehensive support for the key controls required by the HIPAA framework and hence brings major benefits to achieving HIPAA compliance.
1. Access Controls and Virtual Administration
Virtualization collapses traditional data center roles and potentially increases the risks associated with inadequate segregation of duties. Catbird provides dual controls to support strong segregation of duties within the virtual infrastructure environment, supporting the creation of specific roles for Operations, Security, and Audit personnel. These roles are then enforceable by zone and policy.
2. Monitoring and Reporting
Catbird Insight and Catbird Secure include detailed and multi-layered device, system, service, and Internet web-application monitoring capabilities and provide standard and customizable thresholds for applicable service levels. Reports can be published for individual services, groups of services, or for all services. Real-time monitoring for service and virtual machine availability together with network flow reports may be used to inspect virtual network topologies.
3. Integrity Management
Catbird Secure provides policy-driven security with configuration baselines. This includes security services, alerts, and reporting to monitor events, detect attacks, validate configurations, and protect against unauthorized changes and unauthorized use.
4. Risk Assessment
Support for continuous and periodic assessment of quantitative technical risks to the IT infrastructure assists in the provision of risk reporting. These assessments are available by asset, asset type, zone, site, or any other custom portfolio.
5. Test Environments
Catbird supports manual and automated controls with monitoring and reporting of the integrity of test environments. Catbird TrustZones may be configured to simplify comparison of production and development environments to ensure configuration consistency and integrity.
Catbird is the only product that addresses the key HIPAA controls needed for HIPAA compliance. Catbird goes beyond monitoring and audit by instantly identifying compromised assets, alerting appropriate personnel, and enabling optional quarantine of offending virtual machines. No other vendor can deliver the breadth and depth necessary for HIPAA compliance from within the virtual infrastructure.
Catbird includes the following features supporting HIPAA compliance in the virtual data center:
- Default HIPAA-specific policies and reports built upon Catbird Secure technical controls that are automatically mapped to the appropriate HIPAA controls. Catbird monitors, audits and enforces more HIPAA controls than any other vendor.
- Enforcement of network access and traffic flow controls even in a flat network—significantly reducing the scope and cost of audit and compliance requirements
- Automatic quarantine of out-of-policy or compromised Virtual Machines to prevent breach of data center security
- Network segmentation
- Continuous vulnerability management
- Continuous monitoring and configuration validation of Catbird TrustZones
- Change audit and compliance enforcement
- Specific HIPAA security policies designed for optimal protection of the management network and other hypervisor management components