
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. It is a federal law that has been amended to the Internal Revenue Code of 1996. It was designed to improve portability and continuity of health insurance coverage in group and individual markets.

Title-I HIPAA Compliance - HIPAA protects health insurance coverage for workers and their families
when they change or lose jobs.

Title-II HIPAA Compliance - The Administrative Simplification (AS) provisions require the
establishment of national standards for electronic health care transactions and national identifiers for
providers, health insurance plans, and employers. The AS provisions also address the security and privacy of
health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care
system by encouraging the widespread use of electronic data interchange in the US health care system.

Omnibus HIPAA Rulemaking (2013)

The HIPAA / HITECH Omnibus Final Rule came into effect in late March 2013, with a 180-day safe
compliance period that recently ended on September 23, 2013. The rule greatly enhances a patient’s
privacy protections, provides individuals new rights to their health information, and strengthens the
government’s ability to enforce the law. The HIPAA privacy and security rules have focused on health
care providers, health plans and other entities that process health insurance claims. The changes announced
today expand many of the requirements to business associates of these entities that receive protected health
information, such as contractors and subcontractors.

In Short:

1. Implement or Update Security Policies and Procedures.
2. Enter Into or Update Business Associate Agreements.
3. Update or Implement Privacy Policies and Procedures.
4. Update HIPAA Privacy Notices.
5. Conduct HIPAA Compliance Training.

Part 164 - Security and Privacy

Note: Click the section numbers in the following table to view the various ADAudit Plus audit reports that
will help satisfy a particular clause.
| Section Number | Description | Reports |
|---|---|---|
| 164.308 (a) (3) (ii) (a) | Implement procedures for the authorization and / or supervision of workforce members who work with electronic protected health information or in location where it might be accessed. | 1. Successful AD Authentication; 2. Failed AD Authentication; 3. Server Logon Activity |
| 164.308 (a) (1) (ii) (d) / 164.312 (b) | Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. | System Activity: 1. Logon; 2. Audit Logs; 3. File Changes; 4. File Deleted; 5. File Creation; 6. File Access |
| 164.308 (a) (4) / 164.308 (a) (1) | Implement policies and procedures to prevent, detect, contain, and correct security violations. (Unauthorized changes). | Object Changes in AD & GPO / File Servers |
| 164.308 (a) (5) (ii) (c) | Procedures for monitoring log-in attempts and reporting discrepancies. | 1. Successful Logon / Logoff; 2. Unsuccessful Logon; 3. Terminal Service Logon |
| 164.308 (a) (4) (c) | Implement policies and procedures that, based upon the entity's access authorization policies, establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process. | 1. GPO Changes; 2. User Rights / Security Options Changes; 3. User Management (Attribute Changes) |

Real-Time Audit Reports from ADAudit Plus
