Health Insurance Portability and Accountability Act (HIPAA) Solution

Implementation: § 164.308(a)(3)(ii)(A), § 164.308(a)(4)(ii)(B), § 164.308(a)(4)(ii)(C)

HIPAA Standard	Check Point Solution
Administrative Safeguards HIPAA Security Rule 164.308
§ 164.308(a)(3)(ii)(A) Authorization and/or supervision (addressable) Implement procedures for the authorization and/or supervision of staff who work with EPHI or in locations where it might be accessed. § 164.308(a)(4)(ii)(B) Access authorization (addressable) Implement policies and procedures for granting access to EPHI through a workstation, transaction, program, process, or other mechanism. § 164.308(a)(4)(ii)(C) Access establishment and modification (addressable) Implement policies and procedures for reviewing and modifying user access privileges.	Check Point's perimeter, internal, Web, and endpoint solutions allow for the creation of granular access and authorization rules. VPN-1 and InterSpect enforce access policies at the perimeter and on the internal network. Connectra and VPN-1 enforce access policies when providing remote access to users outside the perimeter. Check Point Endpoint Security uses desktop firewall rules and network zones to limit PC access to network resources and segments. These access policies define what resources an individual, group, or department is authorized to view. Check Point products can segment and provide EPHI security in a variety of deployments. VPN-1 can establish a secure network perimeter around EPHI, separating it from an external network. InterSpect allows internal network segmenting, or zoning, to provide EPHI security inside a network. VPN-1 and Connectra provide access control and authorization for external users who need remote access to EPHI. And Check Point Endpoint Security provides access control security for endpoint systems that contain or attempt access to EPHI. For large enterprises and managed service providers, Check Point provides granular administrative controls via Provider-1 management solutions so that different IT teams or administrators can be given different levels of access based on their responsibilities within the organization.

HIPAA Standard

Check Point Solution

Administrative Safeguards HIPAA Security Rule 164.308

§ 164.308(a)(3)(ii)(A) Authorization and/or supervision (addressable)

Implement procedures for the authorization and/or supervision of staff who work with EPHI or in locations where it might be accessed.

§ 164.308(a)(4)(ii)(B) Access authorization (addressable)

Implement policies and procedures for granting access to EPHI through a workstation, transaction, program, process, or other mechanism.

§ 164.308(a)(4)(ii)(C) Access establishment and modification (addressable)

Implement policies and procedures for reviewing and modifying user access privileges.

Check Point's perimeter, internal, Web, and endpoint solutions allow for the creation of granular access and authorization rules. VPN-1 and InterSpect enforce access policies at the perimeter and on the internal network. Connectra and VPN-1 enforce access policies when providing remote access to users outside the perimeter. Check Point Endpoint Security uses desktop firewall rules and network zones to limit PC access to network resources and segments. These access policies define what resources an individual, group, or department is authorized to view.

Check Point products can segment and provide EPHI security in a variety of deployments. VPN-1 can establish a secure network perimeter around EPHI, separating it from an external network. InterSpect allows internal network segmenting, or zoning, to provide EPHI security inside a network. VPN-1 and Connectra provide access control and authorization for external users who need remote access to EPHI. And Check Point Endpoint Security provides access control security for endpoint systems that contain or attempt access to EPHI.

For large enterprises and managed service providers, Check Point provides granular administrative controls via Provider-1 management solutions so that different IT teams or administrators can be given different levels of access based on their responsibilities within the organization.

Go to Check Point Product Info:

Return to Implementation