{"id":6694,"date":"2020-08-19T15:00:13","date_gmt":"2020-08-19T21:00:13","guid":{"rendered":"https:\/\/www.jumpcloud.com\/blog\/?p=6694"},"modified":"2024-11-14T17:18:14","modified_gmt":"2024-11-14T22:18:14","slug":"directory-supports-hipaa-security-rule","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/directory-supports-hipaa-security-rule","title":{"rendered":"How a Cloud Directory Supports the HIPAA Security Rule"},"content":{"rendered":"\n

The HIPAA Security Rule, as many know, is not a rigid specification like the Payment Card Industry\u2019s Data Security Standard (PCI DSS). The HIPAA Security Rule provides high-level guidance which then needs to be translated by IT organizations into specific actions. The HIPAA statute does not define solutions or specific approaches, but instead focuses on outcomes.<\/p>\n\n\n\n

Generally, the HIPAA Security Rule looks for a few things in the area of identity and access management. HIPAA compliance ensures unique user access, authentication controls, and audit logging. It also ensures that administrators follow proper procedures in controlling access. JumpCloud\u2019s\u00ae<\/sup> cloud directory<\/a> supports a number of the areas of the HIPAA Security Rule.<\/p>\n\n\n\n

Complying with the HIPAA Security Rule<\/h2>\n\n\n\n

Like any other technical solution, the use of JumpCloud\u2019s Directory-as-a-Service\u00ae<\/sup><\/a> platform does not by itself make you compliant with the HIPAA Security Rule and, specifically, areas such as Administrative and Technical Safeguards. It is how<\/em> JumpCloud is used and the processes that IT organizations follow<\/em> that ultimately constitute compliance. For more information about how to properly use JumpCloud for HIPAA compliance, leading audit firm Coalfire conducted a study of JumpCloud\u2019s support for HIPAA. You can read the report here<\/a>.<\/p>\n\n\n\n

For example, JumpCloud cannot guarantee that an organization will not create user accounts that are then shared, or that end users will not share their login credentials. However, a cloud directory can be a core part of the solution to achieving compliance along with excellent documentation and processes. In the example above, IT admins would set up multi-factor authentication (MFA) or JumpCloud\u2019s Directory Insights\u2122<\/a> (audit logging and governance technology) features to help enforce the idea of unique user accounts.<\/p>\n\n\n\n

JumpCloud\u2019s cloud directory service makes it easy to create, manage, and terminate unique accounts<\/a>. Logging of access to various IT resources can be monitored by JumpCloud through its Directory Insights feature. Administrative controls for password management are also a core part of the IDaaS platform, including password complexity management, SSH key management, MFA, and anti-phishing technology.<\/p>\n\n\n\n

Major HIPAA Security Areas<\/h2>\n\n\n\n

There are a number of major areas in the HIPAA Security Rule, each of which cascades into a number of specific actions that IT organizations need to take. These areas include:<\/p>\n\n\n\n