Book a demo Start free
HIPAA · Compliance

A HIPAA-ready firewall — checked on every rule change.

The HIPAA Security Rule expects you to restrict access to systems holding ePHI, control what leaves them, and audit every change. Enforza ships a bundled HIPAA Security Rule pack and checks each policy change against it — advising or blocking a rule that would break a control before it ever reaches a firewall.

Start free Book a demo

Enforza helps you meet the firewall-rule expectations of the HIPAA Security Rule and evidences them. It is not a full GRC platform — HIPAA covers administrative, physical and technical safeguards well beyond the network.

Security Rule · technical safeguards

What the HIPAA Security Rule asks of your firewall

HIPAA names no firewall product, but its technical safeguards imply clear network controls. Here is what they ask, and the Enforza control that lines up with each.

  • §164.312(a)(1)

    Restrict access to ePHI systems

    The technical access-control standard expects access to systems holding electronic protected health information to be limited to what is authorised. Enforza policies default-deny, with explicit allows you scope by network, port and hostname — and a guardrail flags any rule that opens broad access to a network holding ePHI.

  • §164.312(e)(1)

    Control transmission to and from ePHI

    Transmission security expects you to guard against unauthorised access to ePHI in transit. Broad egress to 0.0.0.0/0 is scoped with an L7 (FQDN / SNI) matcher rather than a bare-port passthrough, so a guardrail can require every wide egress rule to name where it is allowed to send.

  • §164.308(a)(1)

    Manage risk on the network boundary

    The security-management process expects you to reduce risks to a reasonable level. A default-deny posture on inbound, east-west and outbound — with non-compliant rules caught before they ship — is a concrete, evidenced network-risk control.

  • §164.312(b)

    Record activity on systems with ePHI

    The audit-controls standard expects you to record and examine activity. Every Enforza compliance check, advise warning and enforce block is recorded automatically — a defensible record of how firewall-rule changes around ePHI are controlled.

  • §164.308(a)(8)

    Evaluate the network controls periodically

    Periodic technical evaluation expects you to re-check that controls still meet the rule. Re-running the HIPAA pack against a live policy gives you an on-demand evaluation of the firewall-rule controls, with the result captured.

Section references are to the HIPAA Security Rule (45 CFR Part 164). Enforza maps to the network-control expectations of the technical safeguards; the rest of the rule is outside a firewall's scope and is catalogued accordingly.

How it works

Attach the pack. Advise, then enforce. Evidence everything.

The HIPAA Security Rule pack is one of 25 bundled framework packs covering 210 firewall-applicable controls. Attach it to the policy governing your ePHI networks and every change is checked.

  1. Attach the HIPAA Security Rule pack

    The HIPAA Security Rule ships as one of 25 bundled framework packs. Attach it to the policy governing the networks that hold ePHI — whole pack, or cherry-pick the technical-safeguard controls that map to firewall rules.

  2. Advise while you tighten, enforce when ready

    Run the pack in advise mode to surface violations without blocking, bring rules into line, then switch to enforce so a rule that breaks a control is rejected before any firewall sees it.

  3. Evidence every check

    Every check, advise warning and enforce block is recorded. When an auditor asks how access to ePHI systems is controlled at the network layer, you show what was evaluated, what failed, and that the failing change never reached production.

See all 25 frameworks How it deploys
And it costs less

HIPAA-ready, without the cloud-firewall tax

A HIPAA-scoped network usually means a managed firewall plus a NAT gateway — two per-hour fees (often duplicated per Availability Zone) plus two per-GB meters. Enforza is one flat-priced appliance.

Flat per firewall

£179/month per firewall (£149 from your sixth), plus the VM you run it on. No per-GB data-processing charge — the bill stops scaling with traffic.

Typically 60–80% less

Against a cloud-native firewall stacked with a NAT gateway at modest egress, the flat line is usually 60–80% cheaper — and the gap widens as traffic grows.

No add-on for compliance

The HIPAA pack and advise-or-enforce guardrails are part of the platform. There is no separate compliance SKU and no per-control charge.

Estimate your savings Compare to AWS Network Firewall
FAQ

HIPAA firewall — common questions

Is Enforza a HIPAA compliant firewall?

Enforza is a firewall that helps you meet the firewall-rule expectations of the HIPAA Security Rule — primarily the technical safeguards for access control, transmission security and audit controls. It ships a bundled HIPAA Security Rule pack and checks every policy change against it. It does not make your organisation HIPAA compliant: HIPAA covers administrative, physical and technical safeguards well beyond the network — encryption, workforce training, business-associate agreements, contingency planning — and compliance is your organisation's responsibility, not a product certification. Enforza covers the network-control slice and evidences it.

What are the HIPAA firewall requirements?

HIPAA does not prescribe a specific firewall product, but the Security Rule's technical safeguards imply network controls: restrict access to systems holding ePHI to authorised users and systems (§164.312(a)), protect ePHI in transit against unauthorised access (§164.312(e)), record and examine relevant activity (§164.312(b)), and manage network risk as part of the security-management process (§164.308(a)). A default-deny firewall with scoped allows, controlled egress and audited rule changes maps directly to those expectations.

Does Enforza protect ePHI?

Enforza controls which traffic can reach and leave the networks that hold ePHI, with a default-deny posture and FQDN/SNI-scoped egress, and it checks those rules against the HIPAA pack on every change. It is a network security control — it does not encrypt data at rest, manage identities, or handle the application-layer controls around ePHI. Treat it as the network-boundary safeguard within a broader HIPAA programme.

Can I evidence firewall controls for a HIPAA audit?

Yes. Every compliance check is recorded — the controls evaluated, what passed, what was advised, and any enforce block that rejected a change before it reached a firewall. That gives you a defensible record of how network access to ePHI systems is controlled and how rule changes are managed, which supports the audit-controls and evaluation standards. It evidences the network controls; it is not a substitute for your full HIPAA risk analysis.

How much does Enforza cost for a HIPAA-scoped network?

Enforza is a flat per-firewall licence — £179/month per firewall, dropping to £149 from your sixth — plus the VM you run it on, with no per-GB data-processing charge. Against a cloud-native firewall stacked with a NAT gateway, the flat line is typically 60–80% cheaper at modest egress. The HIPAA Security Rule pack and advise-or-enforce guardrails are part of the platform, not a paid add-on.

More compliance: Compliance hub · PCI DSS firewall · ISO 27001 firewall · NIST firewall rules · Firewall audit & change control · Secure NAT gateway · Savings calculator

Network safeguards, handled.

Stop non-compliant ePHI rules before they ship.

A bundled HIPAA Security Rule pack, advise-or-enforce on every rule change, and a flat per-firewall price with no per-GB tax. Start free, no card.

Start free See all frameworks