The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates federal protections for personal health information and gives patients an array of rights with respect to that information. HIPAA requires that technical and non-technical safeguards be put in place to secure individuals’ “electronic protected health information” (e-PHI). The HIPAA Security Rule establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. Within HIPAA Security Rule Standards and Implementation Specifications, two required standards in the Security Management process are:

Risk Analysis - 164.308(a)(1)(ii)(A) R - Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI) held by the covered entity.

Web application attacks, launched on port 80/443, go straight through the firewall, past operating system and network level security, right into the heart of your application and corporate data. Tailor-made web applications are often insufficiently tested and have undiscovered web vulnerabilities. This marks them as easy prey for hackers.

Risk Management - 164.308(a)(1)(ii)(B) R - Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a).

Any health service entity that handles sensitive medical information about patients must protect it and demonstrate HIPAA compliance. GamaSec's application security solutions help health care providers comply with data protection regulations by allowing them to use automated processes to test for vulnerabilities in Web applications. GamaSec checks for vulnerabilities and malware.

GamaScan offers specific benefits to entities that need to be HIPAA compliant including:

  • Application vulnerability assessment
  • Daily update for new vulnerabilities
  • Zero Day vulnerability finding
  • Includes checks for all web-site attacks
  • Application-layer vulnerability checks (e.g. Cross Site Scripting (XSS), SQL injection, Code Inclusion)
  • Online Tech consulting ticket 24/7
  • Scan customization
  • On-demand scanner schedule adapted to your corporate and/or personal needs
  • Assistance for clients in identifying and resolving vulnerabilities early in the delivery lifecycle so their impact is minimized
  • Automated PDF vulnerability report that clearly defines existing vulnerabilities, along with recommended solutions

GamaScan can identify vulnerabilities so that hackers do not get private patient information.