The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant technical and non-technical security standards to ensure the security of individuals’ ePHI (“electronic protected health information”). Compliance with HIPAA requires information systems to be monitored using SIEM (Security Information and Event Management). The SIEM is a tool that guarantees immediate notification and analysis of conditions influencing the reliability of an organization’s ePHI data through actionable reports and forensic investigation.
The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was established to protect the personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations, companies, or persons that own or license personal information about Massachusetts residents. To be compliant with 201 CMR 17.00, all affected organizations must create, implement, and maintain an auditable, comprehensive written information security program containing administrative, technical, and physical safeguards.