1 Page SOLUTION BRIEF NET ACCESS HIPAA COMPLIANT FLEXCloud A Managed Infrastructure Solution that Meets the Regulatory Demands of the Health Care Industry NET ACCESS LLC 9 Wing Drive Cedar Knolls, NJ
2 Page 1 Table of Contents 1. Introduction Net Access Managed Services Solution Process Flow FLEX Services Solution Components Use Case & Solution Overview Solution Diagram HIPPA Regulations and Safeguards... 7
3 Page 2 1. Introduction For 20-plus years, Net Access has been passionate about finding smarter, better ways to solve our clients technology challenges. Leveraging our portfolio of enterprise data center services - including cloud, colocation, networking and managed services - we re able to craft a multi- technology thinking infrastructure that s flexible enough to change on-the-fly to optimize speed, efficiency and reliability. These managed solutions takes full advantage of our next-generation data centers, our knowledgeable and tenured staff and our 24/7/365 Network Operations Center. We believe that this attention to detail and dedication is why businesses that rely on their critical IT infrastructure also rely on Net Access. Federal regulations regarding the protection of patient health information are growing in number and in scope. As these regulations have increased in complexity, health industry entities have had to allocate more time and financial resources to securing their IT infrastructure and data, at the expense of their primary business of providing quality health services. Often times this involves hiring expensive IT experts to design, implement, and migrate existing infrastructure and data, as well as adding ongoing maintenance and management costs of these systems. Unfortunately, creating and maintaining an entirely new support staff to ensure regulatory compliance simply isn t ideal for most companies. To assist health industry customers in tackling this problem, Net Access has tailored its FLEXCloud solution into a HIPAA-compliant offering. Net Access s data centers and cloud infrastructure have both been audited by third-party CPAs to ascertain that both specifically meet HIPAA regulatory requirements. This catered solution takes into account all HIPAA provisions, including Security Rule specifications for administrative, physical, and technical safeguarding of Protected Health Information (PHI). A comprehensive Breach Rule policy has also been developed by Net Access, as well as standardized Business Associate Agreements (BAAs) for customer convenience. When combined, all elements of Net Access HIPAA compliant FLEXCloud provide for a simplified, cost-efficient solution to the ever growing regulatory demands of the health care industry. All of our managed infrastructure solutions use an OPEX price model. This converts capital expenditure cost into a manageable monthly fee, providing easier budgeting due to a consistent spend. Without high upfront costs for additional hardware or additional staff, customers can enact upgrades and expansions quickly and easily. By reducing CAPEX for infrastructure, our clients can reinvest into what matters most: the core business.
4 Page 3 2. Net Access Managed Services Solution Process Flow Consultation and Design Net Access Engineers will meet with the customer in a collaborative session to define the requirements and review the proposed solution. A dedicated engineer provides consultation and planning to ensure that the deployment of the solution meets the client s deadlines, expectations, and functionality. Net Access strives to ensure all customers are provided a service that is the right fit for them. Some environments are small and static and some environments are large and need to scale. Net Access engineers can design a solution based on a number of needs. Implementation Net Access will perform a cooperative test and turn up of the design, working with the customer to verify all components meet their requirements, expectations, and security concerns. A dedicated Managed Services Engineer is available during this process to make any necessary adjustments and ensure that the client is satisfied. Net Access will also work with third party integrators or vendors that will be involved in the deployment of the solution to simplify the process. Ongoing Management and Support Managed services are fully maintained by Net Access and monitored by our Network Operation Center 24/7/365. Ongoing support of hardware and software in the proposed solution is provided by Net Access and our technical staff. All of our solutions include proactive updates, hardware replacement, configuration assistance, and security auditing.
5 Page 4 3. FLEX Services Solution Components The following FLEX Services are utilized in the solutions outlined in this document: FLEXSecurity Managed Firewall Dedicated next generation firewall with options for Remote Access, Site-to-Site VPN, and High Availability. Security features can include full UTM (unified threat management) - deep packet inspection intrusion detection, and advanced screening and filtering for URL, Web, , SPAM, and viruses. Available as a virtualized or hardware appliance. FLEXServer Rapidly deployed, securely hosted dedicated servers that can be connected to the Internet, other Net Access FLEX services or a client s existing network infrastructure to create a true hybrid solution. Net Access provides maintenance of the physical hardware, the supply of power, the network connectivity and provisions any purchased upgrades of the hardware. FLEXVirtualDC Our virtualized enterprise data center offering. Available as a dedicated or multi-tenant solution, FLEXVirtualDC allows clients to deploy, adjust and expand Virtual Machines (VM) on-demand using committed pool of compute, memory, storage and bandwidth resources via a self-service web portal. FLEXBackup Shared, dedicated or combined cloud backup and recovery solution that is securely hosted in a Net Access data center. FLEXBackup can be deployed as a complement to existing on-site office infrastructure, existing infrastructure within a Net Access data center or combined with any of our other FLEXServices. Advanced options include AES-256 encryption, deduplication, and numerous replication, restoration and recovery options. FLEXLoadBalancer - Virtual or hardware appliance solutions designed to evenly distribute web traffic over multiple servers. Features GSLB enabling multi-site failover, location based application balancing, and even IPv6 to IPv4 conversion. FLEXStorage Managed SAN and NAS storage infrastructures that can be either shared, dedicated or mixed, and support both file and block protocols natively including NFS, CIFS, SFTP and iscsi.
6 Page 5 4. Use Case & Solution Overview CUSTOMER PROFILE: A leading developer of a custom mobile application for doctor and patient collaboration on the impacts of newly introduced drugs. The application allows for the logging of prescription medication intake and tracks its impact, including side effects, over time. CUSTOMER REQUIREMENTS: Virtual server development and production environments Highly available and secure web services infrastructure Secure daily backups Secure communications between office(s) and virtual environment HIPAA compliance NET ACCESS PROPOSED SOLUTION COMPONENTS: Net Access recommended a HIPAA compliant FLEXCloud solution, which included the following FLEX services: FLEXServer FLEXVirtualDC FLEXLoadBalancer FLEXSecurity Firewall FLEXBackup FLEXStorage The proposal also included management by Net Access of all networking devices, storage units, and backups to improve compliance consistency by means of a single IT support staff. SOLUTION HIGHLIGHTS: FLEXVirtualDC provides a simplified web interface front-end to the virtual cloud environment, fallowing for rapid provisioning of FLEXServer and FLEXStorage hardware resources. The virtual cloud environment allows for the segregation of multiple networks and VM groups, creating independent development and production environments, with the former being accessible only over encrypted VPNs from remote office(s), and the latter accessible by the public Internet. The virtual environment is highly available, configured across multiple FLEXServers and backed by resilient FLEXStorage SAN components. The production environment web services will be highly available and secure, incorporating FLEXLoadBalancer features to evenly distribute load across virtual machines, and FLEXSecurity Firewall to restrict access with granular rulesets. FLEXSecurity Firewall, offered with high availability options, will also act as a highly available encrypted VPN tunnel termination point. FLEXBackup will be configured with daily scheduled incremental backup jobs, backed up postencryption at Net Access remote data center to provide recovery means. Communications between the virtual environment and remote client office(s) will be secured via encrypted VPN connections, and encrypted backups are to be stored at a remote data center on a daily basis.
7 Page 6 5. Solution Diagram
8 Page 7 6. HIPPA Regulations and Safeguards All proposed FLEXCloud components account for HIPAA regulations regarding the safeguarding of patient data (table below), or Protected Health Information (PHI). The solution aims to simplify and isolate management domains by providing a single management interface to the client, leaving remaining management responsibilities to Net Access IT support staff. With this isolation, Net Access can more efficiently adhere to key elements of HIPAA regulations as they pertain to provided solutions. Safeguard Administrative HIPAA Safeguards Scope Clearly define HIPAA compliant services for which administrative security, training, and contingency efforts must be addressed or implemented Clearly define HIPAA compliant services for which business associate agreements (BAAs) must be made between Net Access and clients Physical Clearly define HIPAA compliant services for which management and maintenance of facility access and contingency efforts must be addressed or implemented Clearly define Net Access IT support staff management access requirements and policies Technical Clearly define HIPAA compliant services for which Net Access IT support staff management access control efforts must be addressed or implemented Clearly define HIPAA compliant services for which logging and audit efforts must be addressed or implemented Clearly define HIPAA compliant services for which authentication mechanism efforts are addressed or implemented Clearly define HIPAA compliant services for which secure transmissions of data efforts are addressed or implemented A Net Access BAA template is to be made available to client to be used with or without modification. Client modifications are subject to Net Access Sales and management review.
Thought Leadership Paper Cloud Computing in the Hedge Fund Industry About Eze Castle Integration Eze Castle Integration is the leading provider of IT solutions and private cloud services to more than 600
Five Hosted VoIP Features WHITEPAPER: hosted exchange BUYER S GUIDE www.megapath.com executive summary The adoption of cloud-based hosted services is gaining momentum among businesses interested in reducing
Firewall Strategies June 2003 (Updated May 2009) 1 Table of Content Executive Summary...4 Brief survey of firewall concepts...4 What is the problem?...4 What is a firewall?...4 What skills are necessary
Cloud Computing Tutorial CLOUD COMPUTINGTUTORIAL by tutorialspoint.com tutorialspoint.com i ABOUT THE TUTORIAL Cloud Computing Tutorial Cloud Computing provides us a means by which we can access the applications
Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your
White Paper: Managed Network Services Trends for Today s Enterprise Organizations Released December 2010 Spacenet Inc 1750 Old Meadow Road McLean, VA 22102 www.spacenet.com 866-480-2263 1 Table of Contents
white paper Public or Private Cloud: The Choice is Yours Current Cloudy Situation Facing Businesses There is no debate that most businesses are adopting cloud services at a rapid pace. In fact, a recent
VirtuousIT Ltd 1 Table of Contents 1 Introduction 3 The Data Explosion 3 The Importance of Rapid System Recovery 3 2 The VirtuousIT Solution 4 3 RecoveryShield - Solutions 5 Large Business 5 Small Medium
custom hosting for how you do business 24775 League Island Boulevard Philadelphia PA 19112 gibraltarit.com 866.410.4427 Gibraltar s replicated cloud architecture and PCI/HIPAA compliant data centers provide
DEDICATED vs. CLOUD: Comparing dedicated and cloud infrastructure for high availability (HA) and non-high availability applications Avi Freedman / Technical Advisor A white paper by TABLE OF CONTENTS Introduction
Dedicated Compute Cloud Version: 1.0, Issue Date: 09/12/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201416/12/2014. Other than for the sole purpose of evaluating this Response,
Cloud Computing: Public, Private, and Hybrid You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds. And you ve got questions:» What are the differences between Public
Selecting the right Cloud Three steps for determining the most appropriate Cloud strategy Selecting the most appropriate cloud model can be a challenging process for organisations and IT executives tasked
Cloud Computing: Transforming the Enterprise Cloud computing is not just a trend. It is changing the way IT organizations drive business value. THINK SMART. ACT FAST. FLEX YOUR BUSINESS. EXECUTIVE SUMMARY
IT@Intel White Paper Intel Information Technology Business Solutions June 2010 An Enterprise Private Cloud Architecture and Implementation Roadmap The private cloud is a shared multi-tenant environment
Index The Expanding Role of the Network in Business Success 4 What Are Managed Services? 4 Scenario 1: Customer Owns Network and Shares Management Responsibility 5 Scenario 2: Service Provider Owns the
Cloud-Based Project Information Management from Aconex: A Guide for IT Professionals Adopting an Aconex SaaS Solution It s the job of CIOs and IT managers to ensure that their organizations adopt secure
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
Agentless Security for VMware Virtual Data Centers and Cloud Trend Micro Deep Security VMware Global Technology Alliance Partner Trend Micro, Incorporated» This white paper reviews the challenges of applying
THE BENEFITS OF CLOUD NETWORKING 1 White Paper The Benefits of Cloud Networking Enable cloud networking to lower IT costs & boost IT productivity 2 THE BENEFITS OF CLOUD NETWORKING Table of Contents Introduction
Market Data + Services Advanced outsourcing solutions IT Hosting and Managed Services Table of Contents 3 Table of Contents Introduction Market Data + Services powers the financial community with a range
The Microsoft Office 365 Buyer s Guide for the Enterprise Guiding customers through key decisions relative to online communication and collaboration solutions. Version 2.0 April 2011 Note: The information
OSHEAN Virtual Private Cloud (VPC) Virtual Compute Storage SERVICE DESCRIPTION OSHEAN Virtual Private Cloud (VPC) Compute SERVICE DESCRIPTION Mission Statement OSHEAN, Inc. is a non-profit coalition of