HIPAA COMPLIANCE WITH DELL
SECURITY
Administrative Procedures: To ensure security plans, policies, procedures, training, and contractual agreements exist
Physical Safeguards: To provide assigned security responsibility and controls over all media and devices
Technical Security Services: To provide specific authentication, authorization, access, & audit controls to prevent improper access to electronically stored information
Technical Security Mechanisms: To establish communications/network controls to avoid the risk of interception and/or alteration during electronic transmission of information
SPECIFICS
Requirement | Dell/Partner
Administrative Procedures to Guard Data Confidentiality, Integrity and Availability
Periodic inventory of hardware/software assets
IT Assets Report
Periodic security testing, including hands-on functional testing and verification
Dell Vulnerability Scanning/Assessment
Intrusion monitoring
Patch Assessment
Business Partner Agreements
Appropriate contractual language to preserve “chain of trust”
Contingency plan requiring formal assessment of the sensitivity, vulnerabilities, and security of covered entities
Intrusion Monitoring
Proactive vulnerability assessments
Network Vulnerability Assessment
Windows Intrusion monitoring
Vulnerability scanning
Technical Security Services
SPECIFICS
Requirement | Dell/Partner
Technical Security Services
Ongoing monitoring of information system to determine if system has been compromised, misused or accessed by unauthorized individuals
Overall IT monitoring
Off-site Monitoring and Management
Intrusion Monitoring/Alerting
Patch Assessment
Technical Security Mechanisms
Event reporting mechanisms
Automated security alerts, notification, and escalation capabilities
Alarm System
Audit Trails
Real-time intrusion alerts; monthly intrusion summaries: login/logout activity by user/device; failed login details report; account modification activity by user/account report
ADMINISTRATIVE PROCEDURES
Solution: Documents need for periodic inventory of IT assets
Requirement: Maps to configuration management requirement
ADMINISTRATIVE PROCEDURES
Solution: Internal security assessment; vulnerability testing and verification
Requirement: “Periodic security testing”
TECHNICAL SECURITY MECHANISMS
Solution:
Captures unauthorized activity and users
Monthly Summaries
Demonstrates who touched what and when
Requirement: audit trails
TECHNICAL SECURITY SERVICES
Solution: Reduce costs of keeping up with Microsoft patches by automating identification and mitigation processes
Requirement: Determine areas of network that are vulnerable because of missing patches
TECHNICAL SECURITY SERVICES & MECHANISMS
Solution: Document that critical pieces of security infrastructure are protected 24x7
Requirement: Assure firewall is operating efficiently
TECHNICAL SECURITY MECHANISMS
ENSURE AUTOMATED EVENT REPORTING, NOTIFICATION AND ESCALATION
DELL BENEFITS
Reduce overall costs of complying with HIPAA
Automates preparation of audit and asset requirements
Achieve compliance in the shortest time possible
Predefined monthly summary reports allow for immediate deployment by network administrators and privacy officers
Minimize the impact of compliance on day-to-day operations
Provides one central view of IT resources and security requirements
Enables preparation of a “full graphic response” to security requirements – not just legal forms
Printable reports, easily exported to Excel, other formats