Welcome

Compliance with the HIPAA Security Rule is critical to protecting Personal Health Information (PHI) as well as your trusted brand. But the flexibility of HIPAA rules and the lack of technical specifications may leave you looking for answers. How much security is enough? What are my particular compliance requirements? Gartner Research provides the guidance you need to help you assess your risks, determine your strategy, and defend your decisions.

We've also included information on security solutions that will help "right size" your compliance program. Choosing the right security can help reduce the cost and complexity of compliance while providing you with the best in PHI protection. Please take a moment to learn how our solutions can help you strengthen both compliance and security.

Steve Quane
Executive General Manager, Enterprise Business Unit, Trend Micro



  • Addressing HIPAA Security, Part 2: 'Rightsizing' Compliance
    Paul E. Proctor, 23 September 2009
    Covered entities and business associates must address the U.S. Health Insurance Portability and Accountability Act (HIPAA) requirements, or risk penalties and collateral risks, such as civil lawsuits and brand damage. Many organizations have not devoted as much time to security requirements as privacy requirements, and they fail to realize that there can be no privacy without security. The law recognizes that security and privacy are strongly linked and has addressed that in the security rule.
Key Findings
  • The HIPAA Security Rule outlines 18 HIPAA "standards" covering 36 implementation specifications that protect the confidentiality, integrity and availability of individually identifiable health information, also known as protected health information (PHI).
  • A HIPAA standard is a higher-level line item requirement in the rule, and an implementation specification is a more-detailed requirement within a standard.
  • The security rule uses "required" as well as "addressable" implementation specifications in an attempt to build clarity into the flexible aspects of the rule.
  • The decision of appropriateness is left up to each organization, but the rule gives guidelines, such as using these factors in making the decision: risk analysis process, risk mitigation strategy, security measures already in place and the cost of implementation.
  • Smaller organizations with limited resources and simpler networks will need to do less to ensure compliance than will large organizations with complicated infrastructures.

Trend Micro

  • Choosing the Right Security for HIPAA Compliance: Learn more about how you can simplify HIPAA compliance. To make sure that you are both compliant and secure, you need solutions that address a broad range of controls, solve tough compliance challenges, and deliver maximum protection at minimal cost.
  • Safeguarding PHI with Data Protection Solutions: Protect sensitive PHI data whether it’s at rest, in use, or in motion. Learn how policy-based endpoint data loss prevention and email encryption will help you integrate sustainable controls into your existing infrastructure to safeguard confidential patient information.
  • Keeping All Types of Devices Compliant: Expand your protection to all of the networked devices that you are increasingly reliant on to provide patient care. Find out how innovative endpoint security and network security overwatch provide compliance and protection for standard systems as well as any networked medical device such as MRI, X-ray, and CAT scanners.
  • Extending Compliance and Protection to Virtualized Systems: Reap the benefits of virtualization without putting patient data at risk. Get broad protection that keeps virtualized servers and desktops secure and compliant. Find out how you can secure your datacenter across physical, virtual, and cloud servers.