Audit prep can be a daunting task requiring your team to regularly comb through logs and produce reports on your security practices.
Blumira’s Compliance Reports make audit assessments a breeze, integrating audit prep into your daily operations. Blumira allows you to schedule security reports at the click of a button to immediately show how you satisfy multiple regulatory requirements for CMMC, HIPAA, SOC 2, NIST and more.
HIPAA (Health Insurance Portability and Accountability Act of 1996) is a federal law that protects the confidentiality of sensitive patient health information. Healthcare organizations are mandated to comply with HIPAA data security regulations, including:
Section 164.308(a)(1)(ii)(D) Information system activity review (Required): Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
Blumira’s platform monitors logs across your environment, identifying security incidents and keeping a complete history of your logs to help meet compliance.
Complying with HIPAA can help protect against healthcare security risks with the ongoing use of an information security management system. Blumira’s security operations platform helps your organization easily meet and exceed HIPAA compliance requirements for logging and monitoring through our SIEM paired with XDR-supported threat detection and response.
By regularly running and scheduling Blumira’s HIPAA reports, you can easily prove your compliance to an auditor for certain controls.
See which Blumira reports map to which HIPAA controls so you can easily hand over pre-built reports to your auditor to prove your compliance. Please note that each report is available for certain integrations, which are listed under report details below:
| HIPAA Compliance Controls | Blumira’s Global Reports |
| HIPAA 164.308(a)(3)(ii)(A) – Privileged Access: Track access by administrators and power users | HIPAA/HITECH Controls - Administrator Access (Windows) HIPAA/HITECH Controls - Admin/Root Access (Linux) Available for: Windows, Linux |
| HIPAA 164.308(a)(4)(ii)(B) – Firewall Traffic: Analyze allowed/blocked connections at perimeter | HIPAA/HITECH - Allowed Firewall Traffic HIPAA/HITECH - Blocked Firewall Traffic |
| HIPAA 164.308(a)(5)(ii)(C) – Log Tampering: Detect modifications or deletions of log data | HIPAA/HITECH Controls Log Tampering - Clearing of Windows Event Log Available for: Windows |
| HIPAA 164.308(a)(5)(ii)(C) – Account Lockouts: Find accounts locked due to excessive failed logins | HIPAA/HITECH - Account Lockouts (Windows) Available for: Windows |
| HIPAA 164.308(a)(5)(ii)(D) – Password Resets: Track password changes for awareness of compromised accounts | HIPAA/HITECH - Password Change (Windows) HIPAA/HITECH - Azure Password Change Available for: Windows, Azure |
| HIPAA 164.308(a)(6)(ii) – IDS/IPS Alerts: Identify potential intrusion attempts and malware |
HIPAA/HITECH - IDS/IPS Alerts Available for: FortiGate, SonicWall, PaloAlto, Checkpoint, Sophos XG, Umbrella |
| HIPAA 164.310(d)(2)(iii) – USB Device Usage: Detect unauthorized devices plugged into endpoints | HIPAA/HITECH - USB Device Attached (Windows) HIPAA/HITECH Controls - Mounted Device (MacOS) HIPAA/HITECH Controls - USB Device Attached (MacOS) Available for: Windows, MacOS |
| HIPAA 164.312(b) – Failed Logins: Identify brute force and other credential attacks |
HIPAA/HITECH Controls - Failed Logins (Windows) HIPAA/HITECH Controls - Failed Logins (Linux) HIPAA/HITECH Controls - Failed Logins (MacOS) Available for: Windows, Linux, MacOS |
| HIPAA 164.312(b) – Logins by Location: Spot access from unfamiliar regions |
HIPAA/HITECH - Logins from Outside the US HIPAA/HITECH - Logins from Outside the UK HIPAA/HITECH - Logins from Outside the AUS HIPAA/HITECH - Logins from Outside the CA Available for: Azure, Microsoft 365, Duo, Okta |
| HIPAA 164.312(c)(1) – System Changes: Record critical configuration and policy changes |
HIPAA/HITECH - Windows GPO Updates HIPAA/HITECH - Azure Policy Changes HIPAA/HITECH Firewall Configuration Change Available for: Palo Alto, FortiGate, Cisco ASA, SonicWall, SophosXG |
| HIPAA 164.312(e)(1) – VPN Connections: Monitor remote access methods and users | HIPAA/HITECH Controls - VPN Connections Available for: FortiGate, Cisco ASA, WatchGuard, GlobalProtect, SonicWall, Sophos |
Blumira customers on paid editions can use global and saved reports to easily access HIPAA compliance reports, as well as many other reports to analyze the logged events that you send Blumira.
To view a HIPAA global report or one of your saved reports, follow these easy steps:
Note: You can type a name or keyword to filter the list or scroll to find a specific report. When you search “HIPAA,” the compliance reports you can view will vary based on which integrations you currently have set up for your organization.
Get more tips on how to use Blumira’s Report Builder in our documentation article, Using global and saved reports.
It’s easy to help meet or support multiple compliance controls using Blumira’s security operations platform. Time-strapped IT and security teams can do more with one solution that combines SIEM, endpoint visibility and XDR-integrated automated, guided, and supported response. See our blog post on NIST compliance reports and the different compliance frameworks we support.
There’s a few different ways you can get started with Blumira: