HIPAA Compliance and Application Security

The US Federal Law known as HIPAA imposes privacy and data protection requirements on how
medical (PHI) and personal (PII) information should be collected, managed, processed and
safeguarded by healthcare and health insurance industries in the US.

Health Insurance Portability and Accountability Act of 1996
[HIPAA; Public Law 104–191, 110 Stat. 1936, enacted August 21, 1996]

Security Rule

The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.

Specifically, covered entities must:

  • Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information;
  • Protect against reasonably anticipated, impermissible uses or disclosures;

Privacy Rule

The Privacy Rule standards address the use and disclosure of individuals’ health information - called “protected health information” by organizations subject to the Privacy Rule - called “covered entities,” as well as standards for individuals' privacy rights to understand and control how their health information is used.

A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.

ImmuniWeb® Products for HIPAA Compliance

Application security and compliance starts with visibility. You cannot protect what you don't know. Therefore, we recommend starting HIPAA with an asset discovery and inventory.

ImmuniWeb® Discovery rapidly detects your external web, mobile and cloud assets equipped with asset’s attractiveness and hackability scores. Based on Big Data and our proprietary AI technology, the entire process is rapid and non-intrusive. Once you have a comprehensive and up2date inventory of your assets, you are ready to start a well-informed and risk-based application security testing.

For one-time security testing of you web applications and APIs, we recommend using ImmuniWeb® On-Demand. For iOS and Android mobile apps and their backend (e.g. API or REST/SOAP web services) we provide all-inclusive testing with ImmuniWeb® MobileSuite.

For most critical applications that directly impact your HIPAA we offer ImmuniWeb® Continuous for incremental 24/7 testing of any new or updated code.

All ImmuniWeb® products leverage our award-winning Multilayer Application Security Testing and AI technology for intelligent automation and acceleration of Application Security Testing. Driven by human penetration testing, it rapidly detects even the most sophisticated vulnerabilities and comes with a zero false-positives SLA:

Application Security
Compliance and Regulations

EU GDPR
PCI DSS
PA DSS
ISO 27001
UK MCSS
Singapore MAS TRM
NYSDFS 23 NYCRR 500
FISMA NIST 800-37
FISMA NIST 800-53
FISMA NIST 800-137
FISMA NIST 800-171
Sarbanes Oxley
HIPAA

ImmuniWeb® Products for HIPAA Compliance

ImmuniWeb® Discovery
ImmuniWeb® Discovery Application Security Score Card
Web Mobile API Cloud
Freemium
ImmuniWeb® MobileSuite
ImmuniWeb® MobileSuite One-Time Mobile Audit
Mobile API Cloud
From $1,499
ImmuniWeb® On-Demand
ImmuniWeb® On-Demand One-Time Web Application Audit
Web API Cloud
From $499
ImmuniWeb Continuous
ImmuniWeb® Continuous 24/7 Web Security Testing
Web API Cloud
From $1,199 / month
Quick Start
Technology
Products
Free Trial

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Accept