Streamline HIPAA Compliance

Overcome your HIPAA compliance challenges by securing your critical ePHI and PHI data workloads with Armor, The First Totally Secure Cloud Company™. Our HITRUST CSF-certified managed security solutions provide inherited compliance controls to cloud-ready organizations.

This means easier audits and, most importantly, security for data that needs it most.

How Armor simplifies HIPAA Compliance:

  • HITRUST CSF-Certified Solutions: Armor is certified against CSF from the Health Information Trust Alliance (HITRUST), a framework designed to simplify HIPAA compliance requirements by providing prescriptive compliance guidelines.
  • Inherited Compliance Controls: Our managed security solutions were built to address the risk-based nature of HIPAA compliance s and pass their compliant status to customer data.
  • HIPAA Compliance Support: Our security team – from our analysts up to our CISO – provide 24/7/365 customized, hands-on support to help you overcome any compliance challenge.
  • Security-Driven Compliance: True cloud security is more than just a checklist, it’s about letting compliance be an outcome of a security program, not its driver. Our approach to security does just that: proactive cyber security powered by the experts in our 24/7/365 security operations center (SOC).

Our purpose-built managed cloud security solutions were created to simplify compliance – minimizing HIPAA-related anxiety and preventing breaches of patient information.

HIPAA Cloud Compliance FAQ

Need-to-know facts on HIPAA compliance in the cloud

HIPAA compliance shouldn’t be a mystery. Learn about the intricacies of this standard with our Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance in the cloud frequently asked questions (FAQ).

White Papers

How to Become HITRUST CSF-Certified

HITRUST CSF certified organizations can better manage their assessments and consolidate evidence collection. Learn more about the HITRUST certification goals and requirements.

What is HITRUST CSF?

Since HIPAA is more risk-based as opposed to a prescriptive set of security controls the Health Information Trust Alliance collaborated with health care and information security leaders to develop the HITRUST Common Security Framework (CSF).

The HITRUST CSF provides an actionable and scalable framework around HIPAA guidelines that organizations can follow to when managing compliance for their ePHI and PHI data.

Armor solutions are certified against HITRUST CSF and pass that status on the data workloads and applications they protect.

Inherited HITRUST CSF Controls

Armor customers benefit from inherited HITRUST CSF controls just by securing their data workloads and applications with our HITRUST CSF-certified solutions. This means streamlined audits and cost savings for organizations without robust cloud security programs.

Click on the tabs below to see key HITRUST CSF controls addressed by our solutions:

Armor Security Services HIPAA/HITECH Controls HITRUST CSF v8 Controls Required for Certification Risk Mitigation
Intrusion Detection Security best practice – implied control under 164.306(A) 09.m Malicious allowed traffic
Internal Network Vulnerability Scanning Included in §164.308(a)(1) 10.m Exploits due to missing patches/updates; improper network firewall configuration
File Integrity Monitoring §164.312(e) 09.ab, 10.h Monitoring unauthorized changes to critical files
OS Patching/Updating Security best practice implied control under 164.306(A) 10.m OS weaknesses Malware Protection
Malware Protection §164.308(a)(5)(ii)(B) 09.ab(HT4), 10.h Compromise due to virus/malware infection
Log Management §164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b) 09.aa, 09.ab, 09.ac Detection of malicious activity

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Anywhere HITRUST Compliance Matrix.

Armor Security Services HIPAA/HITECH Controls HITRUST CSF v8 Controls Required for Certification Risk Mitigation
IP Reputation Filtering §164.308(a)(1)(ii)(A) 09.m Activity from known bad sources
DDoS Mitigation Security best practice implied control under 164.306(A) 09.m, 09.h (included in Level 2 implementation) Loss of availability due to high volume of malicious activity
Web Application Firewall Security best practice – implied control under 164.306(A) 09.m Application layer flaws and exploits
Intrusion Detection Security best practice implied control under 164.306(A) 09.m Malicious allowed traffic
Network Firewall (Hypervisor-Based) Security best practice implied control under 164.306(A) 01.m, 01.o, 01.w, 09.m Unwanted network connectivity
Secure Remote Access (Two-factor authentication) §164.312(d), §164.312(a)(2)(iii) 01.j, 05.i, 09.s Unauthorized remote use of administrative access
Secure Remote Administrative Access §164.312(d) 01.j, 05.i, 09.m, 09.s Disclosure of administrative credentials
OS Patching/Updating Security best practice implied control under 164.306(A) 10.m OS weaknesses Malware Protection
Malware Protection §164.308(a)(5)(ii)(B) 09.ab, 10.h Compromise due to virus/malware infection
Log Management §164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b) 09.aa, 09.ab, 09.ac Detection of malicious activity
Physical Security §164.310(a)(2)(i), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(a)(2)(iv) 08.b, 08.d, 08.j, 09.ab, 09.q Physical theft or compromise of data

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Complete HITRUST Compliance Matrix.

HIPAA Compliance Expertise

Leverage our HIPAA compliance expertise to overcome any compliance challenge. We provide 24/7/365 hands-on support for your internal teams tasked with managing HIPAA-regulated data and compliance. Relying on our proven security talent is the most direct way to increase your cloud security proficiency without adding to headcount or purchasing and integrating DIY tools.

Our talent and best-of-breed security technologies culminate in a heightened level of cloud security and compliance that only we can deliver.

  • Our CISO is Your CISO: Extend your cloud security roster with proven security talent. We streamline audits and assessments with hands-on expertise and guidance through any HIPAA and HITRUST CSF cloud compliance challenge.
  • Certifiable Cyber Security Badasses: The individuals in our security operations center (SecOps) have a combined 60 cyber security certifications.
  • Proven Cloud Security Results: Our SOC managed more than 4,800 security incidents and analyzed more than 771 billion logs in 2016.

Learn more about extending your security team.