Splunk Enterprise Security

Is Splunk certified Hippa compliant?

austincisneros
New Member

I have medical compliance questions from Auditors about the certification through CMS www.cms.gov
They have tried to look up the certificate at CMS and can not get one.

I have gone over the HIPAA material on the splunk site but need more information to talk about Splunk in regards to HIPAA compliance questions.

0 Karma

jethompson_splu
Splunk Employee
Splunk Employee

@austincisneros -- So to address your question in regards to HIPPA Compliance with a Splunk On-Premise Installation (NOT Splunk Managed Cloud Offering). This is going to come down to how you have your Splunk Environment setup and how you have the Access to the HIPPA Data in your Environment configured.

As long as you are restricting the access to the HIPPA Data inside of your Splunk Environment and you are following OS Level Permission Segregation on that Data then you should be able to maintain HIPPA Compliance.

For this type of setup and configuration you may need to enlist the assistance of Splunk Professional Services who would be able to help with this type of Deployment Requirement and request.

0 Karma

deepashri_123
Motivator

Hey@austincisneros,
Can you refer this link and check if this helps!!
https://answers.splunk.com/answers/355851/is-splunk-cloud-hipaa-compliant.html

0 Karma

austincisneros
New Member

That is for Cloud and the verified it is not HIPAA compliant yet. The questions I am getting are on the rest of Splunk offerings like Core, ES, ITSI, UBA, Phantom. Auditors want to see certifications if it is HIPAA compliant or not. If not they need to see that it maintains HIPAA compliance along with the tools that are certified.

This is a new area for me so I am struggling to find resources to answer this question.

0 Karma