About HIPAA Compliance Reports

The United States Health Insurance Portability and Accountability Act (HIPAA) security rule includes a series of administrative, technical, and physical security safeguards that organizations in the United States must follow to make sure that electronic protected health information (EPHI) is confidential. Healthcare organizations routinely use various IT applications for billing, payment, clinical decision-making, and workflow management. As personal and confidential information passes across networks, between health providers, employers, and insurance companies, organizations must protect this data to maintain HIPAA compliance.

All HIPAA covered entities must comply with the Security Rule. In general, the standards, requirements, and implementation specifications of HIPAA apply to these covered entities:

  • Covered Health Care Providers — Any provider of medical or other health care services or supplies who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard.
  • Health Plans — Any individual or group plan that provides or pays the cost of health care (e.g., a health insurance issuer and the Medicare and Medicaid programs).

For more information on who is a covered entity under HIPAA, see:

The HIPAA security rule consists of a number of safeguards in different areas:

  • Administrative
  • Physical
  • Technical

Each set of safeguards includes a number of standards, which generally include a number of implementation specifications that are either required or addressable. If an implementation specification is required, the covered entity must implement policies and/or procedures that meet what the implementation specification requires. If an implementation specification is addressable, then the covered entity must assess whether it is a reasonable and appropriate safeguard in environment of that entity.

The Security Rule requires that a covered entity document the rationale for many of its security decisions.

Many of the HIPAA Administrative and Technical safeguards are broad and general in their statements and they do not specify technical implementation other than good security practices, such as user authentication, regular auditing and reporting, and incident management and response. Because of the privacy origins of HIPAA, the security safeguards also put a lot of emphasis on the encryption of data.

WatchGuard addresses these specific HIPAA compliance standards:

WatchGuard reports include several predefined reports that provide information to help you make sure that your network is compliant with HIPAA standards. These reports are included in the Compliance Reports group.

Standard Related Report Report Description
Unique User Identification (R) — § 164.312(a)(2)(i) Denied User Authentication Detailed list of users denied authentication
Includes date, time, and reason for authentication failure
Standard § 164.312(b) — Audit Controls Audit Trail Detailed list of audited configuration changes for a Firebox, with the name of the user who made each change.
Mechanism To Authenticate Electronic Protected Health Information (A) — § 164.312(c)(2) Denied User Authentication Detailed list of users denied authentication
Includes date, time, and reason for authentication failure
Security Incident Procedures — § 164.308(a)(6)
Response And Reporting (R) — § 164.308(a)(6)(ii)
Alarms All alarm records

View HIPAA Compliance Reports in Dimension

You can view HIPAA compliance reports from WatchGuard Dimension, or schedule the reports to be exported in a PDF file. For more information, see View Reports and Schedule Dimension Reports.

View HIPAA Compliance Reports in WatchGuard Cloud

You can view HIPAA compliance reports from WatchGuard Cloud, or schedule the reports to be exported in a PDF file. For more information, go to HIPAA Compliance Report and Scheduled Reports.

Generate HIPAA Compliance Reports from Report Manager

To monitor your network and verify that it is HIPAA compliant, you can generate the related reports for each requirement.

  1. From the WSM Report Server, create a report schedule that includes the required Compliance Reports.
    For detailed steps, go to Configure Report Generation Settings.
  2. Connect to WatchGuard WebCenter to View Compliance Reports in Report Manager.

With the release of Fireware v12.8, WatchGuard announced the deprecation of the WatchGuard Log Server, Report Server, and Quarantine Server. WSM still includes these server components, but they are no longer supported in v12.9 and higher. We will remove them in a future WSM release.

Related Topics

Predefined Reports List

View Reports in Report Manager