Solutions Brief. Citrix Solutions for Healthcare and HIPAA Compliance. citrix.com/healthcare


While most people are well aware of the repercussions of losing personal or organizational data (from identity theft to termination), penalties for losing patient data under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) are far more severe. Financial penalties range up to $1.5 million, and can be accompanied by potential damage to your brand.

To help you avoid these problems, Citrix prepared this guide to take some of the guesswork out of how to apply our technologies to meet specific requirements of the HIPAA Security Rule. This document will also help you better understand how your investment in Citrix solutions can help you support broader enterprise governance, risk, and compliance (eGRC) initiatives going forward.

The matrix is based upon the HIPAA Security Standards rule published in the Federal Register on February 20, 2003 (45 CFR Parts 160 and 164 Health Insurance Reform: Security Standards; Final Rule). The Department of Health and Human Services provides the HIPAA Security Standards on its website:

An overview of HIPAA and HITECH

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a U.S. law with the objective of providing privacy standards designed to protect patients' medical records and specified health information provided to health plans, doctors, hospitals, and other healthcare providers.

At a high level, HIPAA breaks into the following categories:

- HIPAA Privacy Rule, which creates a minimum standard for the protection of health information and privacy rights for all in the U.S.
- HIPAA Security Rule, which establishes physical, technical, and administrative safeguards for electronic transactions of electronic protected health information (ePHI) and links closely to the Privacy Rule.

These categories break into the following subcategories:

- Technical safeguards, which include access control, audit controls, integrity controls, and transmission security.
- Physical safeguards, which include facility access and control, as well as physical workstation and device security.
- Administrative safeguards, which include security management processes, security personnel, information access management, training, and assessment.
- Organizational policies/procedures and documentation requirements, which include covered entity responsibilities, business associate contracts, and policy/procedure and documentation requirements and updates.
- Transaction and code sets standards, which are designed to achieve administrative simplification on a national scale.

Citrix IT solutions for healthcare

The tables below identify the specific requirements of the HIPAA Security Rule, what they call for to be successfully implemented, and the recommended Citrix products that can help you achieve that. You'll also find valuable information that estimates how much impact Citrix technology can have on compliance.

HIPAA Security

Compliance with the rule is enhanced by the use of Citrix technologies; however, additional measures are required for full compliance.

Compliance with the rule is enabled by the use of Citrix technologies; however, compliance will depend on several factors within the customer's exclusive control, including system design, deployment attributes, administrative settings, and inclusion of non-Citrix technologies.

ADMINISTRATIVE SAFEGUARDS

Security Management Process (a)(1); Assigned Security Responsibility (a)(2); Workforce Security (a)(3)

- Conduct HIPAA/ePHI assessment and risk analysis (R)
- Implement measures to manage/reduce HIPAA risks (R)
- Apply sanctions against non-compliant workers (R)
- Conduct regular system review (logs, incidents, etc.) (R)
- Identify, assign, and train HIPAA security officer
- Authorization and/or supervision of workforce (A)
- Develop workforce clearance/verification procedure (A)

Enhanced: While this rule is administrative in nature, the Citrix product suite influences successful compliance in that XenApp, XenDesktop, XenMobile, and ShareFile each function to reduce risk associated with loss or exposure of ePHI, combining data containment strategies with encryption, auditing, and granular policy. As the delivery mechanism for the controlled applications and data, Citrix products are uniquely suited to improve compliance.

Enhanced: XenDesktop and XenApp bring unparalleled visibility into all applications and user sessions in a compliant environment. With the ability to determine who used an application, when, for how long, and what application-level errors or messages occurred, IT staff benefit from a much more granular set of audit logs than they would with traditional application delivery mechanisms. Audit information contained within Citrix logs can provide information to security and IT teams for both active incidents and investigations after the fact.

XenDesktop, XenApp, XenMobile, ShareFile,

Workforce Security (a)(3) (continued)

- Implement procedures for access termination (A)

Enhanced: Although access termination is an administrative task, XenDesktop and XenApp increase IT and security teams' ability to remove access for terminated employees, limiting them both from logging in to protected applications and from seeing the applications. This is most beneficial when large numbers of applications are used that are not integrated into a central directory (such as Active Directory) and would require a complex process or individual application restrictions to a large number of applications. Additionally, use of XenMobile and ShareFile provides the same ability as XenDesktop and XenApp but extends control and access termination to corporate-provided or, more importantly, user-owned mobile devices. When properly configured, not only will access be terminated on mobile devices, but all controlled data will be removed, regardless of whether or not the device is on the network.

XenApp, XenDesktop, XenMobile, ShareFile,

Information Access Management (a)(4)

- Isolate any healthcare clearinghouse functions (R)
- Implement policies to authorize access to ePHI by job function (A)

Enhanced: Use of Citrix products and integration with a central user directory allows increased granularity of control when configuring access for users. While traditional delivery methods restrict the user's ability to log in to controlled applications, XenApp and XenDesktop effectively remove the ability to even see the application unless the job function or role permits it. This increased granularity and control allows the IT and security teams to minimize their attack surface, provide a second mechanism to ensure that users who shouldn't have access to applications don't, and significantly reduce unauthorized access attempts from users or third parties.

XenMobile

- Establish policies to review/modify user access rights (A)

Security Awareness and Training (a)(5)

- Implement and conduct periodic security updates/training (A)
- Implement protection from malicious software; establish process for regular system patch and security updates (A)

Enhanced: Use of Citrix Provisioning Server with XenApp and XenDesktop ensures that malicious software is removed from systems upon reboot (typically automated) and that all servers and desktops based on the provisioned image maintain identical patch and security update configuration. This reduces the overall burden to IT and security staff and ensures significantly higher levels of compliance with this safeguard, especially when used at scale.

Provisioning Server

Security Awareness and Training (a)(5) (continued)

- Establish/implement procedures for login monitoring (A)

Enhanced: When used in conjunction with application-level logging, XenApp, XenDesktop, and XenMobile enable increased granularity and monitoring capabilities down to the application level, providing additional data regarding who is logging into an application, from where, and for how long. This allows IT and security staff additional visibility into users' access to controlled applications as well as faster correlation in the event of compromise or incident.

XenMobile

- Establish/implement procedures and rules for strong password management (A)

Security Incident Procedures (a)(6)

- Implement policies and procedures to address and report security incidents (R)

Contingency Plan (a)(7)

- Implement procedures to make exact copies of ePHI data (R)
- Implement plans/procedures to restore any loss of data (R)
- Establish continuity plans to continue operations and protect ePHI in case of emergency mode operations (R)

Enhanced: When combined with, XenApp, and XenDesktop provide significantly improved disaster recovery/business continuity capabilities in the event that normal operations are disrupted. By reducing the level of effort and complexity of delivering applications and data from a secondary location (on-premise or cloud-based), IT and security staff are free to focus on restoration procedures while clinical users have a much more robust user experience over traditional continuity plans.

- Periodically test and revise contingency/emergency plans (A)
- Assess criticality of applications and data in contingency plans for emergency mode operations (A)

Evaluation (a)(8)

- Perform periodic technical and non-technical evaluation of environment and operations as they pertain to ePHI

Business Associate Contracts and Other Arrangements (b)(1)

- Establish written contracts with business associates (R)

PHYSICAL SAFEGUARDS

Facility Access Controls (a)(1)

- Provide for facility access for contingency operation mode (A)
- Develop procedures for physical security of ePHI (A)
- Control individual physical access to ePHI (employees/visitors/contractors) (A)
- Document maintenance to physical components/facility (A)

Workstation Use (b)

- Implement policies for proper use and location of user devices that can access ePHI (on/off-premise laptops and workstations)

Enhanced: XenApp, XenDesktop, and XenMobile enable IT and security staff to have simpler and more effective policies regarding the location and authorization to access protected applications and infrastructure both on and off premise by allowing access to applications or machines housing ePHI by centralizing applications into the data center and granting access to interact only during active use. Combined with two-factor authentication, a properly deployed Citrix environment ensures that data stays within the data center regardless of the device type, ownership, or location.

XenMobile,

Workstation Security (c)

- Implement physical safeguards for all workstations that access ePHI to restrict access only to authorized users

Enhanced: XenApp, XenDesktop, and XenMobile allow integration with HID, smart card, and other authentication technologies that restrict the ability to access ePHI even with physical access to the device. Working on the principle of granting access with something you know (username/password) and something you have (HID badge, smart card, etc.), Citrix combines physical and logical controls even on campus. Further, when configured to automatically secure applications and desktops that have been idle for a specified period of time, Citrix technologies help keep security intact even in the event of an abandoned session.

XenMobile

Device and Media Controls (d)(1)

- Implement procedures to address final disposal of media and devices containing ePHI, including internal/external (R)
- Implement policies for reuse of media containing ePHI (R)
- Maintain records of movement of hardware and media containing ePHI inside and outside of facility (A)
- Create exact copy of ePHI before movement of equipment (A)

TECHNICAL SAFEGUARDS

Access Control (a)(1)

- Assign a unique identifier to track user identity (R)

Enhanced: XenApp, XenDesktop, and XenMobile allow IT and security teams to leverage the unique identifier to determine whether a user should even see an application that contains ePHI or log in to said application. Additionally, robust logging of user activity in Citrix allows IT and security to track activity before and after access to ePHI applications, further enhancing visibility.

XenMobile

- Create procedures to access ePHI during an emergency (R)

Enabled: With the capability to provision Citrix presence to cloud services such as Amazon, Microsoft, etc., certain emergency circumstances can be mitigated, thereby enhancing the ability to provide emergency procedures and increase the clinician experience in the event of an emergency (for example, an ePHI export/repository hosted in a Citrix environment in the cloud with hotspots or other technology to provide access in the event that the network is down).

- Terminate a user session after a certain period of inactivity (A)

Enabled: Citrix natively provides the ability to have granular timeouts and the ability to secure idle sessions. For example, if a session is abandoned or inactive, the session will time out and secure the user's environment; however, because the session is in a disconnected state, it's ready for the user to resume work where they left off, bringing the session back to an active state from the secured/disconnected state (and allowing for a more aggressive timeout for the initial disconnect/securing of the session). If the disconnected session is not used after a specified amount of time, the session will be terminated completely. This granular control provides a much more robust user experience with a high level of security and brings compliance of this rule beyond just the applications, securing the entire environment and all associated ePHI.

XenMobile

- Implement a mechanism to encrypt/decrypt ePHI (A)

Enabled: Use of XenApp and XenDesktop can not only reduce the amount of data needed to encrypt by keeping all data in the data center and enforcing policies that do not allow export or removal of data outside of the data center (data that is typically cached or copied to distributed PCs/workstations) but also provide in-flight encryption capabilities for ALL information accessed. XenMobile and ShareFile ensure that ePHI distributed outside of the confines of an organization's secured network or owned assets is encrypted and secure (for example, on mobile phones, tablets, personal computers, etc.).

XenMobile, ShareFile,

Audit Controls (b)

- Implement systems that record, examine, and report on activity in all information systems that contain or use ePHI

Enabled: Citrix applications access audit records of application use and activity that when coupled with the audit capabilities of certified EMRs provides unparalleled audit records that enhance an organization's ability to know and report on activity generated by a user that includes connecting username, device name, IP of connecting workstation (inside and outside the corporate network), application used, and for how long, as well as capture of all errors/notifications (such as invalid password or unauthorized access attempts) that the application containing ePHI generates. This information is particularly valuable in investigating potential breaches or unauthorized access.

XenMobile, ShareFile,

Integrity (c)(1)

- Implement procedures to authenticate and protect ePHI from improper alteration or destruction (A)

Person or Entity Authentication (d)

- Implement procedures to verify that a person or entity attempting to access ePHI is the one claimed

Enabled: Citrix enhances the ability to ensure that the person or entity accessing is the one claimed through its support and integration with multifactor authentication such as smart cards, biometrics, etc. This can effectively limit access to Citrix, hosting the EMR application to those authorized with the second measure, disallowing access to even attempt to launch the ePHI-containing applications if the user is unable to properly authenticate. This specifically warrants against user account compromise or account sharing.

XenMobile, ShareFile

Transmission Security (e)(1)

- Ensure ePHI isn't improperly modified during transmission (A)
- Encrypt transmitted ePHI whenever deemed appropriate (A)

Enabled: XenApp and XenDesktop encrypt transmitted data and session information by default and support increased levels of encryption above and beyond default levels if desired. XenMobile and ShareFile allow transmitted data sent via or file distribution to be encrypted during transmission, ensuring that current methods of distribution by clinical staff are secured.

XenMobile, ShareFile,

ORGANIZATIONAL REQUIREMENTS (OMNIBUS RULE)

Business Associate Contracts or Other Arrangements (a)(1)

- Implement BA agreements for any partners/subcontractors that create, receive, maintain, or transmit ePHI (R)

Enhanced: ShareFile provides a secure data storage enclave dedicated only for PHI. This secure enclave, ShareFile Cloud for Healthcare, enables covered entities and their business associates to leverage the protected ShareFile platform within a private cloud to process, maintain, and store PHI. ShareFile supports your HIPAA compliance and will enter into a business associate agreement (BAA) with customers that want to upload and share PHI using ShareFile.

ShareFile

- Other arrangements needed to satisfy this requirement (R)

Requirements for Group Health Plans (b)(1)

- Group health plans must in general abide by all specifications of the HIPAA Security Rule, similar to other covered entities (R)

POLICIES, PROCEDURES, AND DOCUMENTATION REQUIREMENTS (OMNIBUS RULE)

Policies and Procedures (a); Documentation (b)(1)

- Implement policies/procedures to comply with all standards and specifications of HIPAA rule. Document changes as needed. Retain documentation for 6 years (R)
- Make documents available for all responsible parties (R)
- Review and update as needed (R)

Frequently asked questions

Q: What are the general requirements of the HIPAA Security Standards? (Ref: Security Standards: General Rules)

Covered entities must do the following:

1. Ensure the confidentiality, integrity and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits.
2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
3. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the privacy regulations.
4. Ensure compliance with this subpart by its workforce.

Q: How are covered entities expected to address these requirements?

Covered entities may use any security measures that reasonably and appropriately implement the standards; however, covered entities must first take into account the risks to protected electronic information; the organization's size, complexity and existing infrastructure; and costs. The final rule includes three safeguards sections outlining standards (what must be done) and implementation specifications (how it must be done) that are either required or addressable. If required, it must be implemented to meet the standard; if addressable, a covered entity can either implement it, implement an equivalent measure or do nothing (documenting why it would not be reasonable and appropriate).

- Administrative Safeguards: Policies and procedures, workforce security and training, evaluations, and business associate contracts.
- Physical Safeguards: Facility access, workstation security, and device and media controls.
- Technical Safeguards: Access control, audit controls, data integrity, authentication, and transmission security.

Q: What is Citrix doing to help customers address HIPAA regulations?

To facilitate our customers' compliance with HIPAA security regulations, Citrix is providing detailed information about the security safeguards we have implemented into our healthcare solutions. This information is provided in this document, our security white paper, and other technical collateral. Additionally, our Client Services group is available to provide guidance and assistance in all deployments.

Learn more

We hope that the information provided in these tables gives you a better understanding of how Citrix solutions for healthcare can help you meet HIPAA and HITECH security requirements. Our commitment to helping our customers comply with these important regulations is one of the reasons we've become a trusted solution partner of 90 percent of the largest healthcare providers, all of the US NEWS & World Report top hospitals, and the top healthcare IT vendors. You can learn more about Citrix solutions for healthcare and HIPAA compliance on our website and by reading through the FAQs and white papers we've prepared around these topics.

Web: Citrix IT Solutions for Healthcare
Citrix Security and Compliance Solutions
FAQ: Citrix ShareFile Cloud for Healthcare documents/products-solutions/citrix-sharefile-cloudfor-healthcare-frequently-asked-questions.pdf
White Paper: Citrix ShareFile Cloud for Healthcare documents/products-solutions/what-is-the-citrixsharefile-cloud-for-healthcare.pdf

Corporate Headquarters: Fort Lauderdale, FL, USA
India Development Center: Bangalore, India
Latin America Headquarters: Coral Gables, FL, USA
Silicon Valley Headquarters: Santa Clara, CA, USA
Online Division Headquarters: Santa Barbara, CA, USA
UK Development Center: Chalfont, United Kingdom
EMEA Headquarters: Schaffhausen, Switzerland
Pacific Headquarters: Hong Kong, China

About Citrix

Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at

Copyright 2014 Citrix Systems, Inc. All rights reserved. Citrix, XenMobile, ShareFile and are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.

1114/PDF


More information

Microsoft Dynamics CRM 2015 with NetScaler for Global Server Load Balancing

Microsoft Dynamics CRM 2015 with NetScaler for Global Server Load Balancing Microsoft Dynamics CRM 2015 with NetScaler for Global Server Load Balancing Solution Guide This solution guide focuses on defining the deployment process for Microsoft Dynamics CRM with Citrix NetScaler.

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview 2 RSA and Citrix have a long history of partnership based upon integration between RSA Adaptive Authentication and Citrix NetScaler

More information

Redefining IT for federal healthcare agencies

Redefining IT for federal healthcare agencies Redefining IT for federal healthcare agencies Redefining IT for federal healthcare agencies Virtualization solutions for clinicians and patients: Anytime, anywhere, on any device Executive summary These

More information

Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler

Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler Deployment Guide Guide to Deploying Microsoft Exchange 2013 with Citrix NetScaler Extensive guide covering details of NetScaler ADC deployment with Microsoft Exchange 2013. Table of Contents Introduction

More information

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

An Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security

More information

The falling cost and rising value of desktop virtualization

The falling cost and rising value of desktop virtualization The falling cost and rising value of desktop virtualization 2 The growing strategic value of desktop virtualization, from a more flexible, productive workforce to lower real estate costs, has made it a

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

Solution Guide for Citrix NetScaler and Cisco APIC EM

Solution Guide for Citrix NetScaler and Cisco APIC EM Solution Guide for Citrix NetScaler and Cisco APIC EM Orchestrating Network QoS policy for delivering enhanced video experience to XenDesktop users Table of contents Solution Overview 3 Executive Summary

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

ShareFile for enterprises

ShareFile for enterprises Product Overview ShareFile for enterprises Secure, sync and share enterprise files everywhere ShareFile is a secure enterprise file sync and sharing service that meets the mobility and collaboration needs

More information

Powering real-time mobile access to critical information with ShareFile

Powering real-time mobile access to critical information with ShareFile Powering real-time mobile access to critical information with ShareFile An enterprise file sync and sharing solution built for the needs of the energy, oil and gas industry to provide employee and third-party

More information

ShareFile Enterprise technical overview

ShareFile Enterprise technical overview Overview Guide ShareFile Enterprise technical overview Secure data sync and sharing services ShareFile empowers users to securely share files with anyone and to sync files across all of their devices The

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

Deploying XenApp 7.5 on Microsoft Azure cloud

Deploying XenApp 7.5 on Microsoft Azure cloud Deploying XenApp 7.5 on Microsoft Azure cloud The scalability and economics of delivering Citrix XenApp services Given business dynamics seasonal peaks, mergers, acquisitions, and changing business priorities

More information

How To Use Netscaler As An Afs Proxy

How To Use Netscaler As An Afs Proxy Deployment Guide Guide to Deploying NetScaler as an Active Directory Federation Services Proxy Enabling seamless authentication for Office 365 use cases Table of Contents Introduction 3 ADFS proxy deployment

More information

SECURITY RISK ASSESSMENT SUMMARY

SECURITY RISK ASSESSMENT SUMMARY Providers Business Name: Providers Business Address: City, State, Zip Acronyms NIST FIPS PHI EPHI BA CE EHR HHS IS National Institute of Standards and Technology Federal Information Process Standards Protected

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

Citrix ShareFile Enterprise: a technical overview citrix.com

Citrix ShareFile Enterprise: a technical overview citrix.com Citrix ShareFile Enterprise: a technical overview White Paper Citrix ShareFile Enterprise: a technical overview 2 The role of IT organizations is changing rapidly as the forces of consumerization pose

More information

icrosoft TMG Replacement with NetScaler

icrosoft TMG Replacement with NetScaler icrosoft TMG Replacement with NetScaler Replacing Microsoft Forefront TMG with NetScaler for secure VPN access Table of contents Introduction 3 Configuration details 3 NetScaler features to be enabled

More information

Optimizing service assurance for XenServer virtual infrastructures with Xangati

Optimizing service assurance for XenServer virtual infrastructures with Xangati Solutions Brief Optimizing service assurance for XenServer virtual infrastructures with Xangati As IT organizations adopt application, desktop and server virtualization solutions as the primary method

More information

efolder White Paper: HIPAA Compliance

efolder White Paper: HIPAA Compliance efolder White Paper: HIPAA Compliance October 2014 Copyright 2014, efolder, Inc. Abstract This paper outlines how companies can use certain efolder services to facilitate HIPAA and HITECH compliance within

More information

Solutions Brief. A tale of three universities: Increasing access, engagement and learning. citrix.com/education

Solutions Brief. A tale of three universities: Increasing access, engagement and learning. citrix.com/education A tale of three universities: Increasing access, Three universities collaborated and designed a mobility strategy utilizing Citrix solutions to modernize their IT platforms and they are transforming the

More information

Secure SSL, Fast SSL

Secure SSL, Fast SSL Citrix NetScaler and Thales nshield work together to protect encryption keys and accelerate SSL traffic With growing use of cloud-based, virtual, and multi-tenant services, customers want to utilize virtual

More information

Enterprise- Grade MDM

Enterprise- Grade MDM Enterprise- Grade MDM This brief describes a foundational strategic feature of the Citrix enterprise mobility offering, enterprise-grade MDM. 2 While the transition of mobile phones into computers has

More information

White Paper. Optimizing the video experience for XenApp and XenDesktop deployments with CloudBridge. citrix.com

White Paper. Optimizing the video experience for XenApp and XenDesktop deployments with CloudBridge. citrix.com Optimizing the video experience for XenApp and XenDesktop deployments with CloudBridge Video content usage within the enterprise is growing significantly. In fact, Gartner forecasted that by 2016, large

More information

Taking Windows Mobile on Any Device

Taking Windows Mobile on Any Device Taking Windows Mobile on Any Device As the adoption of mobile devices continues to expand, IT organizations are challenged to keep up with the mobile demands of today s fast-paced workforce and at the

More information

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com

Solutions Guide. Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB. citrix.com Deploying Citrix NetScaler with Microsoft Exchange 2013 for GSLB Table of Contents Introduction 3 Overview of Microsoft Exchange 2013 3 Why NetScaler GSLB for Exchange 2013? 3 Topology 3 Single Namespace

More information

5 Reasons Why GoToAssist Remote Support and Service Desk Go Better Together

5 Reasons Why GoToAssist Remote Support and Service Desk Go Better Together 5 Reasons Why GoToAssist Remote Support and Service Desk Go Better Together Improve your customer support experience with the integrated GoToAssist toolset. GoToAssist Remote Support makes it easy to help

More information

Citrix Workspace Cloud Apps and Desktop Service with an on-premises Resource Reference Architecture

Citrix Workspace Cloud Apps and Desktop Service with an on-premises Resource Reference Architecture Citrix Workspace Cloud Apps and Desktop Service with an on-premises Resource Reference Architecture Produced by Citrix Solutions Lab This guide walks you through an example of how to use Citrix Workspace

More information

The fastest, most secure path to mobile employee productivity

The fastest, most secure path to mobile employee productivity The fastest, most secure path to mobile employee productivity 2 If your organization lacks a bring-your-own-device (BYOD) strategy, you may be in danger of losing employees who are unhappy because they

More information

Citrix desktop virtualization and Microsoft System Center 2012: better together

Citrix desktop virtualization and Microsoft System Center 2012: better together Citrix desktop virtualization and Microsoft System Center 2012: better together 2 Delivery of applications and data to users is an integral part of IT services today. But delivery can t happen without

More information

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview

Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview Websense Data Security Gateway and Citrix NetScaler SDX Platform Overview 2 The next generation of SDX platform provides the foundation for further integration. Today, Citrix NetScaler SDX appliances enable

More information

White Paper. HIPAA-Regulated Enterprises. Paper Title Here

White Paper. HIPAA-Regulated Enterprises. Paper Title Here White Paper White Endpoint Paper Backup Title Compliance Here Additional Considerations Title for Line HIPAA-Regulated Enterprises A guide for White IT professionals Paper Title Here in healthcare, pharma,

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR 164.300

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

Effective hosted desktops

Effective hosted desktops Effective hosted desktops HP ConvergedSystem 100 for Hosted Desktops with Citrix XenDesktop 2 Driven by strong adoption of mobility technology, effective desktop and application virtualization, hosted

More information

Bring your own device freedom

Bring your own device freedom Bring your own device freedom BYOD solutions for federal government enterprises The Digital Government Strategy, issued by Federal Chief Information Officer (CIO) Steven VanRoekel on May 23, 2012, called

More information

GoToAssist Remote Support HIPAA compliance guide

GoToAssist Remote Support HIPAA compliance guide GoToAssist emote Support HIPAA compliance guide Privacy, productivity and remote support 2 The healthcare industry has benefited greatly from the ability to receive remote support from technology providers

More information

Comprehensive Enterprise Mobile Management for ios 8

Comprehensive Enterprise Mobile Management for ios 8 Comprehensive Enterprise Mobile Management for ios 8 Citrix XenMobile enhances the new iphone and ipad operating system to give mobile users increased functionality and enterprises greater management and

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

Run Skype for Business as a Secure Virtual App with a Great User Experience

Run Skype for Business as a Secure Virtual App with a Great User Experience Run Skype for Business as a Secure Virtual App with a Great User Experience Improve security and manageability while avoiding the performance problems of traditional virtual installations. Deliver secure,

More information

Using Vasco IDENTIKEY Server with NetScaler

Using Vasco IDENTIKEY Server with NetScaler Using Vasco IDENTIKEY Server with NetScaler Deployment Guide This deployment guide describes the process for deploying Vasco IDENTIKEY server with NetScaler to enable secure authentication for application

More information

Windows XP Application Migration Checklist

Windows XP Application Migration Checklist Windows XP Application Migration Checklist Accelerate XP migration planning 2 Whether just beginning a Microsoft Windows XP application migration project or moving forward on an existing project, it s

More information

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix.

Citrix Ready Solutions Brief. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands. citrix. CA Single Sign-On and Citrix NetScaler: Quickly Adapt to Your Dynamic Authentication Demands citrix.com/ready CA Technologies and Citrix have partnered to integrate their complementary, industry-leading

More information

Data Center Consolidation for Federal Government

Data Center Consolidation for Federal Government Data Center Consolidation for Federal Government Virtual computing transforms IT environments so agencies can cut costs, bolster efficiency and agility, and improve user productivity In a slow economy,

More information

Enabling mobile workstyles with an end-to-end enterprise mobility management solution.

Enabling mobile workstyles with an end-to-end enterprise mobility management solution. Mobile workstyles White Paper Enabling mobile workstyles with an end-to-end enterprise mobility management solution. 2 The evolution of mobile workstyles has made it increasingly important for professionals

More information

Support for the HIPAA Security Rule

Support for the HIPAA Security Rule WHITE PAPER Support for the HIPAA Security Rule PowerScribe 360 Reporting v2.0 HEALTHCARE 2 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of PowerScribe

More information

Subscriber Engagement Suite

Subscriber Engagement Suite Subscriber Engagement Suite 2 The ByteMobile Subscriber Engagement Suite (SES) gives operators new opportunities to enhance their value in the mobile network value chain, allowing them to actively engage

More information

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers

Cisco and Citrix: Building Application Centric, ADC-enabled Data Centers Solutions Brief : Building Application Centric, ADC-enabled Data Centers Cisco Application Centric Infrastructure (ACI) integrates Citrix NetScaler Application Delivery Controller (ADC) appliances to reduce

More information

How four Citrix customers solved the enterprise mobility challenge

How four Citrix customers solved the enterprise mobility challenge How four Citrix customers solved the enterprise mobility challenge Managing mobile devices, data and all types of apps Windows, datacenter, web and native mobile through a single solution 2 Enterprise

More information

Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview

Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview Trend Micro InterScan Web Security and Citrix NetScaler SDX Platform Overview 2 Trend Micro and Citrix have a long history of partnership based upon integration between InterScan Web Security and Citrix

More information

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall

Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall Solution Guide Securing Outlook Web Access (OWA) 2013 with NetScaler AppFirewall Solution Guide This solution guide provides guidelines for securing Exchange 2013 Outlook Web Access (OWA) with NetScaler

More information

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich HIPAA Audit Processes Erik Hafkey Rainer Waedlich 1 Policies for all HIPAA relevant Requirements and Regulations Checklist for an internal Audit Process Documentation of the compliance as Preparation for

More information

Desktop virtualization for all

Desktop virtualization for all Desktop virtualization for all 2 Desktop virtualization for all Today s organizations encompass a diverse range of users, from road warriors using laptops and mobile devices as well as power users working

More information

HIPAA SECURITY RULES FOR IT: WHAT ARE THEY?

HIPAA SECURITY RULES FOR IT: WHAT ARE THEY? HIPAA SECURITY RULES FOR IT: WHAT ARE THEY? HIPAA is a huge piece of legislation. Only a small portion of it applies to IT providers in healthcare; mostly the Security Rule. The HIPAA Security Rule outlines

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

HIPAA compliance. Guide. and HIPAA compliance. gotomeeting.com

HIPAA compliance. Guide. and HIPAA compliance. gotomeeting.com and HIP compliance 2 The Health Insurance Portability and ccountability ct (HIP) calls for privacy and security standards that protect the confidentiality and integrity of patient health information. Specifically,

More information

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0 WHITE PAPER Support for the HIPAA Security Rule RadWhere 3.0 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of the RadWhere 3.0 system as part of

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

Mobility and cloud transform access and delivery of apps, desktops and data

Mobility and cloud transform access and delivery of apps, desktops and data Mobility and cloud transform access and delivery of apps, desktops and data Unified app stores and delivery of all apps (Windows, web, SaaS and mobile) and data to any device, anywhere. 2 The cloud transforms

More information

How To Get Cloud Services To Work For You

How To Get Cloud Services To Work For You Product Overview Citrix CloudPortal Business Manager Unified cloud services delivery and business management platform Enterprises and cloud providers have focused most of their initial cloud strategies

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information