Resources for Health Insurance Portability and Accountability Act (HIPAA)

Health Insurer's SIM Eases HIPAA Compliance

www.darkreading.com

Collecting millions of security incident alerts without the manpower to interpret them doesn’t do much to improve security. Just ask health insurer Priority Health, whose security staffers had been drowning in alerts from the firm’s firewalls, intrusion detection system (IDS), and system logs, trying to separate real threats from the false alarms.

Priority Health, which has 500,000 customers, was getting frustrated with the time-consuming and tedious process -- as were its auditors. So the firm, which provides health care insurance to 100 acute-care hospitals and over 12,000 doctors and other health care providers in Michigan, had to better integrate its security tools and the data it was generating.

HIPAA-compliance pressure was on, too: “Because of emerging HIPAA reporting regulations regarding log activity, we needed to monitor the activity on our systems and network more closely than we had in the past,” says Tim Maletic, information security engineer at Priority Health.

Priority Health purchased ArcSight’s ESM, a security information management (SIM) product, about two years ago to provide more integration and better visibility across its security infrastructure. “We had relied on a number of individual security silos: firewall logs, IDS events, and operating system events, so there was no easy way for a security administrator to get a complete view of what was happening,” says Paul Melson, information security officer at Priority Health.

View the Resource

Share or bookmarklet this web page at: