Why is maintaining HIPAA Compliance important on the Mainframe?
According to ICIT Fellow Robert Lord, “As a nation, we are in a serious crisis right now. What we did was spend tens of millions of dollars rolling out electronic health records. We put very little thought into how we were going to protect that data. Unfortunately, hackers have decided that healthcare is a very soft target, and that protected health information is extraordinarily valuable.
In 2015, there were 113 million medical records that were breached — a third of our nation’s medical records.
An extraordinarily small fraction of healthcare companies’ budgets — 5% — is spent on cybersecurity. Other companies with less sensitive information, such as financial institutions, spend about 12-15% of their budget on cybersecurity.”
So how can KRI Help you Achieve Cost-Effective HIPAA Compliance on the Mainframe?
KRI Integrity Assessment Services (IAS) provides access to a wide variety of approaches to assess and manage vulnerability risk on the mainframe. In addition, KRI helps enterprises continuously monitor their active HIPAA policies and procedures to prevent, detect, contain, and correct security violations.
Achieving HIPAA compliance means implementing a comprehensive set of procedural controls, including the creation and ongoing maintenance of a set of Administrative Safeguards within the Security Rule. Within the Administrative Safeguards is a set of Security Rules that are not specific to the size, complexity, and capabilities of the covered entity, nor to the covered entity’s technical infrastructure, hardware, and software security capabilities.
The tasks that are necessary to meet these standards and controls can be time-consuming and tedious. The majority of entities covered under HIPAA can’t address the ongoing monitoring on their own because of a lack of time, staff, and money. Most end up merely waiting for a yearly outside assessment or audit to demonstrate compliance via minimal audit and risk documentation. As a result, these organizations and their suppliers are at risk of a breach.
The following is a list of pertinent HIPAA requirements and how KRI solutions should be applied to meet these requirements on enterprise mainframes within the covered entity’s data environment.