The Enforcement Rule empowers OCR to:
• Investigate HIPAA complaints
• Conduct compliance reviews
• Perform education and outreach
• Levy fines of up to $1.5 million.
In 2020, OCR fined 16 organizations for HIPAA violations, for a total of over $13.5 million. OCR also works with the Department of Justice to refer possible criminal violations of HIPAA.
The Security Rule requires three types of safeguards to be in place to secure ePHI:
Administrative safeguard requirements:
1. Documented security management processes
2. Designated security personnel
3. An information access management system
4. Workforce security training
5. Periodic assessments of all security protocols
Physical safeguard requirements:
1. Control who has access to physical facilities where ePHI is stored
2. Secure all workstations and devices that store or transmit ePHI
Technical safeguard requirements:
1. Access controls to secure ePHI in the EHR and other databases
2. PHI data must be encrypted when it is at rest and during transit
3. Audit controls for all hardware and software that manages or transmits ePHI to meet HIPAA network requirements
4. Integrity controls to ensure ePHI is not improperly edited or deleted
For additional HIPAA compliance information, HHS provides guidance materials, checklists, and risk assessment tools.