Overview
The U.S. Department of Health and Human Services (HHS) published the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to introduce standards to protect the privacy and security of protected health information (PHI) and electronic protected health information (ePHI). The HIPAA Security Rule includes three sets of safeguards:
- Administrative https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf
- Physical https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf
- Technical https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
When properly configured, ThreatLocker can assist organizations in meeting these safeguards and standards. We have done our best to outline the safeguards and standards that ThreatLocker supports. Where a standard is not listed, ThreatLocker is not involved in that process or does not currently support it.
Disclaimer: We make no claim on the end-user. If ThreatLocker policies are not configured correctly, they will not support the listed standards.
Security Standards: Administrative Safeguards
Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
STANDARD § 164.308(a)(1) Security Management Process
Implement policies and procedures to prevent, detect, contain and correct security violations.
RISK ANALYSIS (R) - § 164.308(a)(1)(ii)(A)
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
ThreatLocker can assist with providing insights into potential risks and vulnerabilities of an organization’s environment.
- The ThreatLocker Health Report offers valuable insights into ongoing activities within an organization’s environment, supplemented by actionable recommendations. These recommendations serve to enhance the organization’s grasp of security measures and strategies, empowering them to bolster their overall protection.
- ThreatLocker Ops uses the telemetry data collected across all the ThreatLocker modules to identify and automatically respond to potential indicators of compromise or weakness in the environment.
RISK MANAGEMENT (R) - § 164.308(a)(1)(ii)(B)
Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a).
ThreatLocker can be configured to set security measures in place to reduce risks and vulnerabilities. With the proper configuration of policies within the ThreatLocker platform, users who attempt to conduct activity against any policies will not be able to.
- Application Control can restrict what applications can run in your environment, who can use them, and when.
- Network Control allows total control of inbound traffic based on IP addresses, specific keywords, agent authentication, or dynamic ACLs, to your protected devices using a simple server-client connection.
- Storage Control allows you to customize whether a user can access different types of storage, such as USB drives, network shares, and local folders. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.
- Configuration Manager provides a centralized, policy-driven portal where IT admins can set configuration policies per individual endpoint, computer group, organization, or across multiple organizations.
- ThreatLocker Ops uses the telemetry data collected across all the ThreatLocker modules to identify and automatically respond to potential indicators of compromise or weakness in the environment.
INFORMATION SYSTEM ACTIVITY REVIEW (R) - § 164.308(a)(1)(ii)(D)
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
ThreatLocker can support organizations by providing information about system activity.
- The Unified Audit is a transactional history of everything that ThreatLocker is securing, including simulated denies if the machine is not secured. Organizations can use the Unified Audit logs to see attempted and ongoing activity in their environment to help them regularly review records of information system activity.
STANDARD § 164.308(a)(3) Workforce Security
Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under [the Information Access Management standard], and to prevent those workforce members who do not have access under [the Information Access Management standard] from obtaining access to electronic protected health information.
AUTHORIZATION AND/OR SUPERVISION (A) – § 164.308(a)(3)(ii)(A)
Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.
ThreatLocker can assist with the process of allowing a particular user or device the right to carry out activities such as running an application or reading a file.
- Application Control can restrict what applications can run in your environment, who can use them, and when.
- Storage Control allows you to customize whether a user can access different types of storage, such as USB drives, network shares, and local folders. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.
STANDARD § 164.308(a)(4) Information Access Management
Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part [the Privacy Rule].
ACCESS AUTHORIZATION (A) - § 164.308(a)(4)(ii)(B)
Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism.
ThreatLocker can assist with the process of allowing a particular user or device the right to carry out activities such as running an application or reading a file.
- Application Control can restrict what applications can run in your environment, who can use them, and when.
- Storage Control allows you to customize whether a user can access different types of storage, such as USB drives, network shares, and local folders. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.
Security Standards: Physical Safeguards
Physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.
STANDARD § 164.310(b) Workstation Use
Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic protected health information.
ThreatLocker can be configured to enforce policies and proper functions of devices.
- Application Control can restrict what applications can run in your environment, who can use them, and when.
- RingfencingTM can be configured to work together with Application Allowlisting to only allow permitted applications to run in the environment and to ensure these permitted applications do not interact with, or call out to, other applications or powerful tools, such as PowerShell.
- Network Control allows total control of inbound traffic based on IP addresses, specific keywords, agent authentication, or dynamic ACLs, to your protected devices using a simple server-client connection.
- Storage Control allows you to customize whether a user can access different types of storage, such as USB drives, network shares, and local folders. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.
Security Standards: Technical Safeguards
The technology and the policy and procedures for its use that protect electronic protected health information and control access to it.
STANDARD § 164.312(a)(1) Access Control
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4)[Information Access Management].
UNIQUE USER IDENTIFICATION (R) - § 164.312(a)(2)(i)
Assign a unique name and/or number for identifying and tracking user identity.
ThreatLocker can help track specific user activity.
- The Unified Audit is a transactional history of everything that ThreatLocker is securing, including simulated denies if the machine is not secured.
AUTOMATIC LOGOFF (A) - § 164.312(a)(2)(iii)
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
ThreatLocker can help enforce procedures that terminate electronic sessions.
- Configuration Manager provides a centralized, policy-driven portal where IT admins can set configuration policies per individual endpoint, computer group, organization, or across multiple organizations. Specifically, the “Set Password Protected Screen Saver” policy would be helpful in enforcing this standard.
STANDARD § 164.312(b) Audit Controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
ThreatLocker can help track specific user activity.
- The Unified Audit is a transactional history of everything that ThreatLocker is securing, including simulated denies if the machine is not secured.
STANDARD § 164.312(c)(1) Integrity
Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
ThreatLocker can assist with protecting data from being altered or destroyed.
- Storage Control allows you to customize whether a user can access different types of storage, such as USB drives, network shares, and local folders. Access can be limited to read-only access or read-and-write access. Additionally, you can configure Storage Control to only allow specific interfaces to access particular file paths.