Network Security Scans for HIPAA Compliance

By HIPAA Vault

When trying to identify the proper HIPAA Compliant hosting company, you want to ensure proper security controls are in-place. One example, in particular, is Network Security Scanning capabilities and reporting. Hosting providers have to follow proper HIPAA guidelines and regulations when it comes to the privacy and protection of medical information. There are many vendors that provide these types of security tools/utilities to be used in cloud hosting environments. To name a few: Nessus, Greenbone, BeyondTrust, Nexpose, SAINT.

There is always the question: “How much does it cost ?” and “What I am paying for ?”. Pricing models can be based on different values such as how many systems to be scanned, how often should they be scanned, what level of depth to be scanned, etc. If these services are expensive, companies are not as willing to purchase these options; as cost is reduced, such options become more considered for purchase. For costs incurred when dealing with HIPAA Compliant hosting, knowing that security requirements are being fulfilled is paramount. However high or low the price, quality of service and information protection is what matters most.

Hosting providers have many options that can be configured for the proper level of scanning. Generally speaking, there are cursory scans and in-depth scans. By the name alone, “cursory” means to be done in haste, not thorough, and not detailed in nature; “in-depth” means to be completed carefully, extensively, and in a detailed fashion. Based on this, there can be additional steps and processes required to build the designated configuration to meet compliancy. For the purposes of HIPAA Compliant hosting, businesses should be thorough in their decision-making process yet have an understanding of the tools in-place being used to protect their health information, without having to figure out what it all means. While hosting providers have many options to choose from, discretion is based on company security constraints to properly satisfy HIPAA regulations.

Certain organizations may fall under certain conditions where specified criteria have to be implemented. For these entities, corporate security policies will drive the need for a more secure hosted environment. This will a more focused approach to include a higher level of awareness, deeper security scans, and additional reporting functionality. When dealing with these controlled environments, ensure that the hosting provider can accommodate these business needs.

System access privileges may be required to achieve an intrusive level of security scanning. Without providing proper credentials network security scanners are unable to gain system entry. This result would produce invalid information and inconclusive results. For example, not having security controls in-place and systems being monitoring for unauthorized access could lead to unwanted visitors obtaining sensitive medical information. Businesses should allow the HIPAA Compliant hosting provider to gain system-level access in case of emergency, without having to solely rely on the organization’s IT Staff to deal with these types of issues.

In the end, when comparing Network Security Scanning solutions for HIPAA Compliant hosting there are many products to choose from that can provide customizable configurations based on organizational business criteria. Choosing the right solution to ensure HIPAA compliance should be the goal of IT administrators tasked with maintaining system security.


Our certifications