HIPAA Risk Analysis for Active Directory

DSRAZOR for Windows

Quickly assess Active Directory and Windows File Systems for risks
Easily document and address compliance issues

Free Trial Request a Demo Request a Quote

Visual Click's products support the folowing HIPAA Sections:

HIPAA 164.308 (a) (1) (ii) (D): "Procedures to review system activity".
HIPAA 164.308 (a) (3) (ii) (C): "Procedures for terminating access".
HIPAA 164.308 (a) (4) (ii) (C): "Procedures for auditing and changing access rights and policies".
HIPAA 164.308 (a) (5) (ii) (C): "Procedures for recording login activity including failed login attempts".
HIPAA 164.308 (a) (5) (ii) (D): "Procedures creating/changing passwords".
HIPAA 164.308 (a) (6) (ii) (D): "Identify and respond to suspected or known security incidents".
HIPAA 164.312(a): "Procedures for access control".
HIPAA 164.312(b): "Procedures for recording system activity".

Learn More

Did you know that HIPAA Compliance requires your facility complete Risk Analysis on an "as needed" basis?

The risk analysis process should be ongoing. In order for an entity to update and document its security measures "as needed," which the Rule requires, it should conduct continuous risk analysis to identify when updates are needed. (45 C.F.R. §§ 164.306(e) and 164.316(b)(2)(iii).) The Security Rule does not specify how frequently to perform risk analysis as part of a comprehensive risk management process. The frequency of performance will vary among covered entities. Some covered entities may perform these processes annually or as needed (e.g., bi-annual or every 3 years) depending on circumstances of their environment. HHS.gov Guidance on Risk Analysis

According to the HHS:

Risk analysis is the first step in an organization's Security Rule compliance efforts. Risk analysis is an ongoing process that should provide the organization with a detailed understanding of the risks to the confidentiality, integrity, and availability of e-PHI.

DSRAZOR for Windows provides a suitable method of implementation to assist in your compliance with the HIPAA Rule Specification §164.308(a)(1)(ii)(A) Risk Analysis:

Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (e-PHI) held by the covered entity. HIPPA Rule Specification §164.308(a)(1)(ii)(A) Risk Analysis

By assessing your Active Directory and Windows File Systems for risks you will be better prepared to document your findings and discover risks to your facility's e-PHI.

With DSRAZOR for Windows you will receive the following reports:

Discover /Report all objects with create,delete,write,or any other change permissions and objects they control + Ability to remove those permissions
Discover /Report all objects with create,delete,write, or any other change permissions and file system objects they exert that control over + must include local workstation file systems too and shares
Local Group accounts members report
AD accounts last logon report
Local User accounts last logon report
AD Password Strength report (i.e. password never expires, when password expires, etc)
AD Group Membership Report
Accounts that are locked, disabled, expired, have never logged in, that never expire
Accounts unused for X days
Accounts where last logon failed
Accounts with Dialin permission
Active Directory Last Logon Report by DC

Active Directory Objects with a NULL ACL (no access restrictions)
Active Directory Objects with GPO(s) defined
ACL Documentation per File System Object or Share
Directories/Files with no owner (orphaned SID)
Directory/File System Objects with a NULL ACL (no access restrictions)
Directory/File Ownership
Document Share Permissions
File System Objects where Permission Inheritance is Blocked
Find Duplicate File System Object Names
Find Files unused for past 365 days

Once complete, DSRAZOR for Windows will remain an effective tool to further your HIPAA compliance with the following HIPAA Rules:

Implementation Specification §164.308(a)(3)(ii)(B) Workforce Clearance Procedure "Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate."
Implementation Specification §164.308(a)(3)(ii)(C)Termination Procedure

"Implement procedures for terminating access to electronic protected health information when the employment of a workforce member ends or as required by determinations made as specified in paragraph ["Workforce Clearance Procedure"] of this section."

Free Trial Request a Demo Request a Quote

See what else DSRAZOR can do for you!

Get a free trial of DSRAZOR for Windows today!

TRY NOW

More Info

Active Directory Reporting
Active Directory Management
Bulk Import/Modify AD Objects

Active Directory Security Reports
Active Directory Password Policy
Active Directory Utilities

Active Directory Auditing
Windows File System Auditing
Server Authentication Auditing

DSRAZOR includes 1 YEAR of our world class support!

Unlimited Training

We'll make sure you can take advantage of everything DSRAZOR has to offer.

Unlimited Support

Our rapid-response support team can assist with any questions you may have.

Custom Applet Design

Need more? Just ask! We'll create a custom solution that fits your needs.