Streamline HIPAA Compliance

Overcome your HIPAA compliance challenges by securing your critical ePHI and PHI data workloads with Armor. Our HITRUST CSF-certified managed security solutions provide inherited compliance controls to cloud-ready organizations.

This means easier audits and, most importantly, security for data that needs it most.

How Armor simplifies HIPAA Compliance:

  • HITRUST CSF-Certified Solutions: Armor is certified against CSF from the Health Information Trust Alliance (HITRUST), a framework designed to simplify HIPAA compliance requirements by providing prescriptive compliance guidelines.
  • Inherited Compliance Controls: Our managed security solutions were built to address the risk-based nature of HIPAA compliance and pass their compliant status to customer data.
  • HIPAA Compliance Support: Our security team – from our analysts up to our CISO – provide 24/7/365 customized, hands-on support to help you overcome any compliance challenge.
  • Security-Driven Compliance: True cloud security is more than just a checklist, it’s about letting compliance be an outcome of a security program, not its driver. Our approach to security does just that: proactive cyber security powered by the experts in our 24/7/365 security operations center (SOC).

Our purpose-built managed cloud security solutions were created to simplify compliance – minimizing HIPAA-related anxiety and preventing breaches of patient information.

HIPAA Cloud Compliance FAQ

Need-to-know facts on HIPAA compliance in the cloud

HIPAA compliance shouldn’t be a mystery. Learn about the intricacies of this standard with our Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance in the cloud frequently asked questions (FAQ).

HIPAA FAQ
Find Your HIPAA Compliance Solution
White Papers

How to Become HITRUST CSF-Certified

HITRUST CSF certified organizations can better manage their assessments and consolidate evidence collection. Learn more about the HITRUST certification goals and requirements.

What is HITRUST CSF?

Since HIPAA is more risk-based as opposed to a prescriptive set of security controls the Health Information Trust Alliance collaborated with health care and information security leaders to develop the HITRUST Common Security Framework (CSF).

The HITRUST CSF provides an actionable and scalable framework around HIPAA guidelines that organizations can follow to when managing compliance for their ePHI and PHI data.

Armor solutions are certified against HITRUST CSF and pass that status on the data workloads and applications they protect.

Inherited HITRUST CSF Controls

Armor customers benefit from inherited HITRUST CSF controls just by securing their data workloads and applications with our HITRUST CSF-certified solutions. This means streamlined audits and cost savings for organizations without robust cloud security programs.

Click on the tabs below to see key HITRUST CSF controls addressed by our solutions:

Armor Security ServicesHIPAA/HITECH ControlsHITRUST CSF v8 Controls Required for CertificationRisk Mitigation
Intrusion DetectionSecurity best practice – implied control under 164.306(A)09.mMalicious allowed traffic
Internal Network Vulnerability ScanningIncluded in §164.308(a)(1)10.mExploits due to missing patches/updates; improper network firewall configuration
File Integrity Monitoring§164.312(e)09.ab, 10.hMonitoring unauthorized changes to critical files
OS Patching/UpdatingSecurity best practice implied control under 164.306(A)10.mOS weaknesses Malware Protection
Malware Protection§164.308(a)(5)(ii)(B)09.ab(HT4), 10.hCompromise due to virus/malware infection
Log Management§164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b)09.aa, 09.ab, 09.acDetection of malicious activity

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Anywhere HITRUST Compliance Matrix.

Armor Security ServicesHIPAA/HITECH ControlsHITRUST CSF v8 Controls Required for CertificationRisk Mitigation
IP Reputation Filtering§164.308(a)(1)(ii)(A)09.mActivity from known bad sources
DDoS MitigationSecurity best practice implied control under 164.306(A)09.m, 09.h (included in Level 2 implementation)Loss of availability due to high volume of malicious activity
Web Application FirewallSecurity best practice – implied control under 164.306(A)09.mApplication layer flaws and exploits
Intrusion DetectionSecurity best practice implied control under 164.306(A)09.mMalicious allowed traffic
Network Firewall (Hypervisor-Based)Security best practice implied control under 164.306(A)01.m, 01.o, 01.w, 09.mUnwanted network connectivity
Secure Remote Access (Two-factor authentication)§164.312(d), §164.312(a)(2)(iii)01.j, 05.i, 09.sUnauthorized remote use of administrative access
Secure Remote Administrative Access§164.312(d)01.j, 05.i, 09.m, 09.sDisclosure of administrative credentials
OS Patching/UpdatingSecurity best practice implied control under 164.306(A)10.mOS weaknesses Malware Protection
Malware Protection§164.308(a)(5)(ii)(B)09.ab, 10.hCompromise due to virus/malware infection
Log Management§164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b)09.aa, 09.ab, 09.acDetection of malicious activity
Physical Security§164.310(a)(2)(i), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(a)(2)(iv)08.b, 08.d, 08.j, 09.ab, 09.qPhysical theft or compromise of data

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Complete HITRUST Compliance Matrix.

HIPAA Compliance Expertise

Leverage our HIPAA compliance expertise to overcome any compliance challenge. We provide 24/7/365 hands-on support for your internal teams tasked with managing HIPAA-regulated data and compliance. Relying on our proven security talent is the most direct way to increase your cloud security proficiency without adding to headcount or purchasing and integrating DIY tools.

Our talent and best-of-breed security technologies culminate in a heightened level of cloud security and compliance that only we can deliver.

  • Our CISO is Your CISO: Extend your cloud security roster with proven security talent. We streamline audits and assessments with hands-on expertise and guidance through any HIPAA and HITRUST CSF cloud compliance challenge.
  • Certifiable Cyber Security Badasses: The individuals in our security operations center (SecOps) have a combined 60 cyber security certifications.
  • Proven Cloud Security Results: Our SOC managed more than 4,800 security incidents and analyzed more than 771 billion logs in 2016.

Learn more about extending your security team.

RELATED RESOURCES

Data Sheets

Why Armor for HIPAA Compliance

Armor delivers true security outcomes that are designed for healthcare and HIPAA compliance. Actively defend ePHI and other sensitive data.

Case Studies

HITRUST

Through the creation of MyCSF, HITRUST partnered with Armor to help secure their cloud-based application. Read more about HITRUST in our “Certified for HIPAA” case study.

Data Sheets

Cloud Infrastructure Built for Compliance

Explore 16 compliance requirements to see how Armor experts work with your teams to achieve and maintain PCI and HIPAA compliance.

Reports

The True Cost of Cloud Security

Security of your data and applications in the cloud has a cost. But how much is too much? And how much is enough? Armor examines.

Data Sheets

HIPAA-Compliant Cloud Topology

Gain a complete overview of the Armor Complete network topology, designed with the healthcare industry and HIPAA compliance in mind.

White Papers

HIPAA Compliance & Risk Management

Keep your IT systems HIPAA compliant while maintaining optimal data security levels in a changing digital environment with our guide to HIPAA compliance & risk.