Health Insurance Portability and Accountability Act Report

 Scan Name: webscantest
 Date: 10/24/2017 7:44:45 AM
 Authenticated User: admin
 Total Links / Attackable Links: 475 / 475
 Target URL: https://webscantest.com, http://webscantest.com

Important Compliance Information and Limit of Liability

This information has been gathered during a scan of your web application. By checking your online properties for issues such as insecure data collection forms, cookie presence, third-party links, cross-site-scripting vulnerabilities, and SQL-injection vulnerabilities, the scan generates an automatic checklist of potential compliance issues. By taking advantage of this information, you can then proactively filter and prioritize identified issues to ensure faster remediation of your organization's most critical regulatory compliance concerns.

It is important to note that while this automatically-generated information is intended to greatly enhance the efficiency with which you may remediate compliance issues, it does not presume to represent the full scope of compliance with HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 regulations. These results represent a subset of the requirements that can be gathered automatically from your web application. Further, as regulations are subject to change, this report may have been generated with a version of the application that has not been updated to reflect those changes. It is therefore the sole responsibility of the user to know the regulations and comply with them.

The issues presented in this report correspond to the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA).

The information presented here is not to be regarded as legal advice. It does not express or imply any guarantee of compliance with any law or regulation. It is the sole responsibility of the user of this report to seek competent legal counsel for advice on compliance with any laws and regulatory requirements and to otherwise take whatever measures are necessary for such compliance. Rapid 7 Inc. assumes no responsibility for any use or misuse of any information presented in this report.


HIPAA Compliance Results

The results of this report do not cover the full set of requirements for HIPAA compliance. This information has been gathered during a scan of your web application and covers only the following requirements, to the extent possible from a "blackbox" analysis.
For a full copy of the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, visit the US Government Printing Office website http://www.gpo.gov/fdsys/search/pagedetails.action?granuleId=CRPT-104hrpt736&packageId=CRPT-104hrpt736.

Pass or Fail for a requirement is based on the sub-requirements we are able to test for in an automated Web Application Assessment. All other sub-requirements are not factored in.

Subpart A

S.Rule - Part 164, Subpart A, 164.105: The application must protect private electronic health information.
Failed

Subpart C

S.Rule - Part 164, Subpart C, 164.306(a)(1): Covered entities must ensure the confidentiality, integrity and availability of all electronic protected health information they create, receive, maintain or transmit.
Failed
S.Rule - Part 164, Subpart C, 164.306(a)(2): Covered entities must protect against any reasonably anticipated threats or hazards to the security or integrity of electronic protected health information.
Failed
S.Rule - Part 164, Subpart C, 164.306(a)(3): Covered entities must protect against any reasonably anticipated uses or disclosures of electronic protected health information.
Failed
S.Rule - Part 164, Subpart C, 164.308(a)(1)(i): Possible Issue - A covered entity must implement policies and procedures to prevent, detect, contain, and correct security violations.
Failed
S.Rule - Part 164, Subpart C, 164.308(a)(1)(ii)(B): Possible Issue - A covered entity must implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
Failed
S.Rule - Part 164, Subpart C, 164.308(a)(5)(ii)(B): Addressable Issue - Implement procedures for guarding against, detecting, and reporting malicious software.
Failed
S.Rule - Part 164, Subpart C, 164.308(a)(5)(ii)(C): Addressable Issue - Implement procedures for monitoring log-in attempts and reporting discrepancies.