Simplify HIPAA Compliance

Armor cloud security solutions—audit-ready compliance in under 2 minutes

Simplify your life: Overcome your Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance challenges by securing your critical ePHI and PHI data workloads with Armor. Our Health Information Trust Alliance Common Security Framework (HITRUST CSF) certified security solutions provide inherited compliance controls to cloud-ready organizations.

This means easier audits and, most important, security for the data that needs it most.

How Armor Helps Clients Become HIPAA Compliant

HITRUST CSF-Certified Solutions: Armor is certified by the Health Information Trust Alliance Common Security Framework (HITRUST CSF); A framework designed to simplify HIPAA compliance requirements by providing prescriptive compliance guidelines.

Inherited Compliance Controls: Our managed security solutions were built to address the risk-based nature of HIPAA compliance and pass their compliant status to customer data.

HIPAA Compliance Support: Our security team provides 24/7/365 customized, hands-on support to help you overcome any compliance challenge.

Security-Driven Compliance: True cloud security is more than just a checklist; it’s about letting compliance be an outcome of a security program, not its goal. Our approach to security does just that: proactive cybersecurity powered by the experts in our 24/7/365 security operations center (SOC).

Our cloud security solutions were created to simplify compliance—minimizing HIPAA-related anxiety and preventing breaches of patient information. We did this by taking a security-first approach and building security measures into our infrastructure. Ensuring the entire environment not only meets compliance requirements but provides a level of security compliance doesn’t attain. Security is the goal, compliance is an outcome.

AWS Cloud Formation Template

Our CloudFormation Template allows customers to reliably and consistently spin up the basic client/server architecture necessary to run web applications in AWS in a way that is in-line and consistent with the HITRUST guidelines for implementing HIPAA in the cloud.

Datasheet

Armor cloud security solutions were designed to fulfill all requirements for HIPAA compliance. Armor itself is HITRUST CSF certified. For more information, take a minute to read Armor for Healthcare Data in the Cloud to get an in-depth look at our healthcare data security apparatus.

What is HITRUST CSF?

Since HIPAA is more risk-based as opposed to a prescriptive set of security controls the Health Information Trust Alliance collaborated with health care and information security leaders to develop the HITRUST Common Security Framework (CSF).

The HITRUST CSF provides an actionable and scalable framework around HIPAA guidelines that organizations can follow to when managing compliance for their ePHI and PHI data.

Armor solutions are certified against HITRUST CSF and pass that status on the data workloads and applications they protect.

HITRUST CSF Whitepaper

HITRUST CSF certified organizations can better manage their assessments and consolidate evidence collection. Download the whitepaper to learn more about the HITRUST certification goals and requirements.

Inherited HITRUST CSF Controls

Armor customers benefit from inherited HITRUST CSF controls just by securing their data workloads and applications with our HITRUST CSF-certified solutions. This means streamlined audits and cost savings for organizations without robust cloud security programs.

Click on the tabs below to see key HITRUST CSF controls addressed by our solutions:

Armor Security ServicesHIPAA/HITECH ControlsHITRUST CSF v8 Controls Required for CertificationRisk Mitigation
Intrusion DetectionSecurity best practice – implied control under 164.306(A)09.mMalicious allowed traffic
Internal Network Vulnerability ScanningIncluded in §164.308(a)(1)10.mExploits due to missing patches/updates; improper network firewall configuration
File Integrity Monitoring§164.312(e)09.ab, 10.hMonitoring unauthorized changes to critical files
OS Patching/UpdatingSecurity best practice implied control under 164.306(A)10.mOS weaknesses Malware Protection
Malware Protection§164.308(a)(5)(ii)(B)09.ab(HT4), 10.hCompromise due to virus/malware infection
Log Management§164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b)09.aa, 09.ab, 09.acDetection of malicious activity

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Anywhere HITRUST Compliance Matrix.

Armor Security ServicesHIPAA/HITECH ControlsHITRUST CSF v8 Controls Required for CertificationRisk Mitigation
IP Reputation Filtering§164.308(a)(1)(ii)(A)09.mActivity from known bad sources
DDoS MitigationSecurity best practice implied control under 164.306(A)09.m, 09.h (included in Level 2 implementation)Loss of availability due to high volume of malicious activity
Web Application FirewallSecurity best practice – implied control under 164.306(A)09.mApplication layer flaws and exploits
Intrusion DetectionSecurity best practice implied control under 164.306(A)09.mMalicious allowed traffic
Network Firewall (Hypervisor-Based)Security best practice implied control under 164.306(A)01.m, 01.o, 01.w, 09.mUnwanted network connectivity
Secure Remote Access (Two-factor authentication)§164.312(d), §164.312(a)(2)(iii)01.j, 05.i, 09.sUnauthorized remote use of administrative access
Secure Remote Administrative Access§164.312(d)01.j, 05.i, 09.m, 09.sDisclosure of administrative credentials
OS Patching/UpdatingSecurity best practice implied control under 164.306(A)10.mOS weaknesses Malware Protection
Malware Protection§164.308(a)(5)(ii)(B)09.ab, 10.hCompromise due to virus/malware infection
Log Management§164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b)09.aa, 09.ab, 09.acDetection of malicious activity
Physical Security§164.310(a)(2)(i), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(a)(2)(iv)08.b, 08.d, 08.j, 09.ab, 09.qPhysical theft or compromise of data

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Complete HITRUST Compliance Matrix.

Armor Compliance Expertise: HIPAA

Armor is HITRUST CSF certified. We are HIPAA compliance experts. In fact, HITRUST chose us to secure their MyCSF application. Why wouldn’t you choose the security provider trusted by HITRUST itself? Seems like a no-brainer—plus, you’re compliant the day you entrust your security needs with Armor.

Leverage that HIPAA compliance expertise to overcome any compliance challenge. We provide 24/7/365 hands-on support for your internal teams tasked with managing HIPAA-regulated data and compliance. Relying on our proven security talent is the most direct way to increase your cloud security proficiency without adding to headcount or purchasing and integrating DIY tools.

Our talent and best-of-breed security technologies culminate in a heightened level of cloud security and compliance that only Armor can deliver.

Extend your security team

  • Our CISO is Your CISO: Extend your cloud security roster with proven security talent. We streamline audits and assessments with hands-on expertise and guidance through any HIPAA and HITRUST CSF cloud compliance challenge.
  • Certifiable Cyber Security Badasses: The individuals in our security operations center (SecOps) have a combined 60 cyber security certifications.
  • Proven Cloud Security Results: Our SOC managed more than 4,800 security incidents and analyzed more than 771 billion logs in 2016.

Learn more about extending your security team.