
www.commscope.com
SYSTIMAX Solutions
iPatch System Manager - HIPAA Compliance
White Paper
July 2008
HIPAA's data security standards are similar to other federal compliance standards (Sarbanes-Oxley,
GLBA, USA PATRIOT Act and others) in that they impose requirements with respect to data access
and security. HIPAA specifically requires that covered entities implement safeguards that limit a user's
access to patient data in a manner consistent with that user's needs. Data format requirements,
encryption techniques, as well as backup and data recovery methods are also well defined.

When it comes to access control of the physical layer, SYSTIMAX Intelligent Infrastructure Solutions
provide the ability to monitor real-time access to the physical connectivity layer. Any breach of
physical security that relates to network connectivity is automatically recorded to produce the audit
trail required for HIPAA compliance. The iPatch System Manager is capable of producing a
connectivity history that reflects both current and past physical network configuration conditions.

HIPAA Security Standards and Intelligent Infrastructure Solutions

HIPAA's security standards outline various administrative, physical and technical security
safeguards, identifying each as either Required or Addressable. Below, Table 1 shows a
selection of those security standards and details iPatch features that can assist in meeting these
requirements.
TABLE 1 HIPAA SECURITY STANDARDS MATRIX
(R) = Required, (A) = Addressable

Administrative Safeguards

Standard: Security Management Process
Section: 164.308(a)(1)
Implementation Specifications: Risk Analysis (R); Risk Management (R); Information System Activity Review (R)
How Intelligent Infrastructure Solutions Can Help: The Event Notification Service can create multiple real-time notifications about any security events that are related to a hospital's physical layer connectivity. The events are also recorded in a log file that can be later used for auditing. Reports provide a historical review of events and activities.

Standard: Security Incident Procedures
Section: 164.308(a)(6)
Implementation Specifications: Response & Reporting (R)
How Intelligent Infrastructure Solutions Can Help: The Event Notification Service can create multiple real-time notifications that can trigger a response by the end user. Reports provide a historical review of events and activities.

Standard: Contingency Plan
Section: 164.308(a)(7)
Implementation Specifications: Data Backup Plan (R); Disaster Recovery Plan (R)
How Intelligent Infrastructure Solutions Can Help: In the event of a physical disaster in the patching racks, the patching can easily be recreated. The iPatch database can be part of the disaster recovery plan since the entire physical structure is mapped in the database. All networked devices are documented as well, including the service and switch used by every device at the site.

Overview

Health plans, healthcare clearinghouses, and healthcare providers, including Medicare/Medicaid
agencies, must comply with federal Health Insurance Portability and Accountability Act (HIPAA)
regulations regarding the confidentiality, integrity, and availability of private health
information. To comply with these mandates, healthcare organizations must assess risks, correct
weaknesses, and establish mechanisms for proving regulatory compliance.

TABLE 1 HIPAA SECURITY STANDARDS MATRIX (CONTINUED)

Physical Safeguards

Standard: Facilities Access Controls
Section: 164.310(a)(1)
Implementation Specifications: Facility Security Plan (A)
How Intelligent Infrastructure Solutions Can Help: Critical circuits can be monitored by motion sensitive cameras. These IP cameras can be supervised by System Manager using its SNMP features. SNMP traps can be received by System Manager and used to generate an alert that notifies the administrator immediately of activity recorded by the cameras. The alert indicates the particular camera involved, which can be located directly on a floor plan representation. The event is recorded in the log file for audit purposes.

Standard: Device and Media Controls
Section: 164.310(d)(1)
Implementation Specifications: Accountability (A)
How Intelligent Infrastructure Solutions Can Help: The System Manager Device Discovery feature keeps track of all networked devices and detects their movement. Device location can be tracked by faceplate location on a floor plan. The Device Discovery feature helps to locate portable medical devices that have an IP address or World Wide Identifier. When equipment is frequently moved from room to room, this is a very helpful feature for asset tracking. It is also helpful in emergency situations since it can be used to quickly locate equipment needed for critical care.

Healthcare Information Technology Priorities and Intelligent Infrastructure Solutions

The Healthcare Information and Management Systems Society (HIMSS) is the healthcare
industry's membership organization (www.himss.org) that is exclusively focused on providing
leadership for the optimal use of healthcare information technology (IT) and management
systems for the betterment of healthcare. The results of the most recent HIMSS (19th annual)
leadership survey, which collected opinions from IT technology executives in the healthcare
industry, were published in a report dated February 25, 2008. The study collected information
about IT priorities, technology adoption, application usage, and other crucial factors in the use
of IT to enhance healthcare. Trends were identified by comparing the latest results to the results
from the previous year's survey.

Almost all respondents (96% of those surveyed) expressed security concerns, indicating
those are what keep these information technology managers and CIOs up at night. They
primarily worry about internal breaches of security, specifically breaches in data security. The
survey states that 18% of the respondents said they had experienced a data breach and 14%
did not know whether they had experienced such a breach.

Below, Figure 1 shows a comparison of the top concerns reported in 2008 in comparison to
those reported in 2007. iPatch can help provide peace of mind to these managers and CIOs
by giving them real-time information via instant notifications and automated reports (scheduled
and customizable) as to what devices are accessing what particular services and whether any
unauthorized patching activities have taken place.

Figure 1 Top Concerns Reported in 2008 vs. 2007

HIPAA compliance is the next highest area of concern expressed by healthcare information
technology managers and CIOs. Another priority concern that could easily be addressed with
iPatch is the ability to connect a remote hospital network with the main hospital. The iPatch
System Manager provides excellent features for managing remote sites. In fact, non-IT personnel
can implement connectivity moves, adds, and changes at these remote sites using the iPatch
System Manager's electronic work orders and advanced guidance features.

Below, Figure 2 shows the chief reasons for budget increases for 2008. Technology costs
continue an upward trend as healthcare organizations strive to upgrade their IT infrastructure
and meet their compliance needs. Another important finding that is worth mentioning is
that 15% of the respondents indicated that there is a need to prove IT ROI. The Economic Value
Creation (EVC) methodology that was developed for iPatch is a helpful tool to support hospitals
in justifying investments in new IT technologies.

Figure 2 Reasons for Budget Increases

Summary

Connectivity infrastructure is the conduit from the end user to healthcare data. There are a great
variety of potential scenarios that might allow an individual to improperly access servers with
sensitive data, posing a real threat. Most of these scenarios involve internal personnel gaining
inappropriate access (rather than an external security breach). These concerns are reflected
in the HIMSS Survey. The iPatch System Manager's audit trail and reporting features provide
answers to questions about who did what, where, when, and how, making it a powerful
and compelling solution. Recent technology and budget trends in the medical community also
emphasize the benefits of Intelligent Infrastructure Solutions for addressing HIPAA compliance
and security concerns.

www.commscope.com
Visit our Web site or contact your local CommScope representative for more information.

© 2011 CommScope, Inc. All rights reserved.
All trademarks identified by ® or ™ are registered trademarks or trademarks, respectively, of CommScope, Inc.
This document is for planning purposes only and is not intended to modify or supplement any
specifications or warranties relating to CommScope products or services.
TD-E-1 09/11
