HIPAA Compliance and Application Security

The US Federal Law known as HIPAA imposes privacy and data protection requirements on how
medical (PHI) and personal (PII) information should be collected, managed, processed and
safeguarded by healthcare and health insurance industries in the US.

Health Insurance Portability and Accountability Act of 1996
[HIPAA; Public Law 104–191, 110 Stat. 1936, enacted August 21, 1996]

Reference: www.govinfo.gov
Wikipedia: www.wikipedia.org

HIPAA imposes various data protection, privacy and security testing requirements on all companies that must adhere to it. Holistic visibility and inventory of digital assets, web and mobile application security are an indispensable part of HIPAA compliance process:

Security Rule

The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.

Specifically, covered entities must:

Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
Identify and protect against reasonably anticipated threats to the security or integrity of the information;
Protect against reasonably anticipated, impermissible uses or disclosures;

Privacy Rule

The Privacy Rule standards address the use and disclosure of individuals’ health information - called “protected health information” by organizations subject to the Privacy Rule - called “covered entities,” as well as standards for individuals' privacy rights to understand and control how their health information is used.

A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.

ImmuniWeb® for HIPAA Compliance

ImmuniWeb® Discovery

Attack Surface Monitoring

Security Ratings & Scorings

Dark Web Monitoring

AI-Enabled
Automated
24/7

ImmuniWeb® MobileSuite

Mobile Backend Penetration Test

Mobile App Penetration Test

One-Click Virtual Patching

AI-Enabled
Manual
One-Time

ImmuniWeb® On-Demand

Web Application Penetration Test

Unlimited Patch Verification Tests

One-Click Virtual Patching

AI-Enabled
Manual
One-Time

ImmuniWeb® Continuous

Continuous Web Penetration Testing

New & Updated Code Monitoring

One-Click Virtual Patching

AI-Enabled
Manual
24/7

Application security and compliance for HIPAA starts with holistic visibility of your digital assets, related risks and threats. You simply cannot protect what you don't know. Therefore, we recommend commencing your HIPAA compliance efforts with IT asset discovery, inventory, classification and risk scoring. Our ImmuniWeb® Discovery leverages OSINT technology to rapidly detect your external web, mobile and cloud assets equipped with attractiveness and hackability scores. Based on our award-winning AI technology, ImmuniWeb Discovery will likewise provide you with a snapshot of your exposure in the Deep and Dark Web. Once completed, you are ready to start well-informed and risk-based application security testing for the purpose of HIPAA compliance.

For one-time security testing of your web applications and APIs, we recommend using ImmuniWeb® On-Demand equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

For iOS and Android mobile apps and their backend (e.g. APIs or REST/SOAP web services) we provide all-inclusive testing with ImmuniWeb® MobileSuite equipped with CVE, CWE reporting and CVSSv3 risk scoring. Its in-depth and rapid testing is based on OWASP Mobile Security Testing Guide (MSTG) and OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Mobile Top 10.

For most critical applications that directly impact your HIPAA compliance we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code. It is equipped with CVE, CWE reporting and CVSSv3 risk scoring, its in-depth and rapid testing is based on OWASP Testing Guide (OTGv4), NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, PCI DSS Information Supplement Penetration Testing Guidance, FedRAMP Penetration Test Guidance and ISACA’s How to Audit GDPR. The testing comprehensively covers full spectrum of security vulnerabilities from SANS Top 25 and OWASP Top 10.

What’s Next:

Request your interactive demo
Follow ImmuniWeb on Twitter and LinkedIn
Learn more about Attack Surface Management by ImmuniWeb® Discovery
Learn more about AI-enabled Application Security Testing by ImmuniWeb
Learn more about ImmuniWeb Community Edition

DISCLAIMER: The information provided on this website does not, and is not intended to, constitute a legal advice; instead, all information, content, and materials available on this website are provided for general informational purposes only.