About HIPAA Compliance Reports

The United States Health Insurance Portability and Accountability Act (HIPAA) security rule includes a series of administrative, technical, and physical security safeguards that organizations in the United States must follow to make sure that electronic protected health information (EPHI) is confidential. Healthcare organizations routinely use various IT applications for billing, payment, clinical decision-making, and workflow management. As personal and confidential information passes across networks, between health providers, employers, and insurance companies, organizations must protect this data to maintain HIPAA compliance.

All HIPAA covered entities must comply with the Security Rule. In general, the standards, requirements, and implementation specifications of HIPAA apply to these covered entities:

  • Covered Health Care Providers — Any provider of medical or other health care services or supplies who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard.
  • Health Plans — Any individual or group plan that provides or pays the cost of health care (e.g., a health insurance issuer and the Medicare and Medicaid programs).

For more information on who is a covered entity under HIPAA, see:

The HIPAA security rule consists of a number of safeguards in different areas:

  • Administrative
  • Physical
  • Technical

Each set of safeguards includes a number of standards, which generally include a number of implementation specifications that are either required or addressable. If an implementation specification is required, the covered entity must implement policies and/or procedures that meet what the implementation specification requires. If an implementation specification is addressable, then the covered entity must assess whether it is a reasonable and appropriate safeguard in environment of that entity.

The Security Rule requires that a covered entity document the rationale for many of its security decisions.

Many of the HIPAA Administrative and Technical safeguards are broad and general in their statements and they do not specify technical implementation other than good security practices, such as user authentication, regular auditing and reporting, and incident management and response. Because of the privacy origins of HIPAA, the security safeguards also put a lot of emphasis on the encryption of data.

WatchGuard addresses these specific HIPAA compliance standards:

WatchGuard reports include several predefined reports that provide information to help you make sure that your network is compliant with HIPAA standards. These reports are included in the Compliance Reports group.

Standard Related Report Report Description
Unique User Identification (R) — § 164.312(a)(2)(i) Denied User Authentication Report Detailed list of users denied authentication
Includes date, time, and reason for authentication failure
  User Authentication Report Detailed list of users authenticated Includes login time, logout time, and connection method information
Standard § 164.312(b) — Audit Controls Audit Trail Detailed list of audited configuration changes for a Firebox
Mechanism To Authenticate Electronic Protected Health Information (A) — § 164.312(c)(2) Denied User Authentication Report Detailed list of users denied authentication
Includes date, time, and reason for authentication failure
Security Incident Procedures — § 164.308(a)(6)
Response And Reporting (R) — § 164.308(a)(6)(ii)
Alarms All alarm records
  Alarm Summary Summary report of all alarms
  Intrusion Prevention Service Summary All intrusion prevention actions
  Gateway AntiVirus Summary Gateway AntiVirus action summary

View HIPAA Compliance Reports in Dimension

You can view PCI compliance reports from WatchGuard Dimension, or schedule the reports to be exported in a PDF file. For more information, see View Reports and Schedule Reports

Generate HIPAA Compliance Reports from Report Manager

To monitor your network and verify that it is HIPAA compliant, you can generate the related reports for each requirement.

  1. From the WSM Report Server, create a report schedule that includes the required Compliance Reports.
    For detailed steps, see Configure Report Generation Settings.
  2. Connect to WatchGuard WebCenter to View Compliance Reports in Report Manager.

See Also

Predefined Reports List

View Reports in Report Manager

Give Us Feedback     Get Support     All Product Documentation     Technical Search