NET ACCESS HIPAA COMPLIANT FLEXCloud

2015 SOLUTION BRIEF NET ACCESS HIPAA COMPLIANT FLEXCloud A Managed Infrastructure Solution that Meets the Regulatory Demands of the Health Care Industry NET ACCESS LLC 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net

Table of Contents 1. Introduction... 2 2. Net Access Managed Services Solution Process Flow... 3 3. FLEX Services Solution Components... 4 4. Use Case & Solution Overview... 5 5. Solution Diagram... 6 6. HIPPA Regulations and Safeguards... 7

1. Introduction For 20-plus years, Net Access has been passionate about finding smarter, better ways to solve our clients technology challenges. Leveraging our portfolio of enterprise data center services - including cloud, colocation, networking and managed services - we re able to craft a multi- technology thinking infrastructure that s flexible enough to change on-the-fly to optimize speed, efficiency and reliability. These managed solutions takes full advantage of our next-generation data centers, our knowledgeable and tenured staff and our 24/7/365 Network Operations Center. We believe that this attention to detail and dedication is why businesses that rely on their critical IT infrastructure also rely on Net Access. Federal regulations regarding the protection of patient health information are growing in number and in scope. As these regulations have increased in complexity, health industry entities have had to allocate more time and financial resources to securing their IT infrastructure and data, at the expense of their primary business of providing quality health services. Often times this involves hiring expensive IT experts to design, implement, and migrate existing infrastructure and data, as well as adding ongoing maintenance and management costs of these systems. Unfortunately, creating and maintaining an entirely new support staff to ensure regulatory compliance simply isn t ideal for most companies. To assist health industry customers in tackling this problem, Net Access has tailored its FLEXCloud solution into a HIPAA-compliant offering. Net Access s data centers and cloud infrastructure have both been audited by third-party CPAs to ascertain that both specifically meet HIPAA regulatory requirements. This catered solution takes into account all HIPAA provisions, including Security Rule specifications for administrative, physical, and technical safeguarding of Protected Health Information (PHI). A comprehensive Breach Rule policy has also been developed by Net Access, as well as standardized Business Associate Agreements (BAAs) for customer convenience. When combined, all elements of Net Access HIPAA compliant FLEXCloud provide for a simplified, cost-efficient solution to the ever growing regulatory demands of the health care industry. All of our managed infrastructure solutions use an OPEX price model. This converts capital expenditure cost into a manageable monthly fee, providing easier budgeting due to a consistent spend. Without high upfront costs for additional hardware or additional staff, customers can enact upgrades and expansions quickly and easily. By reducing CAPEX for infrastructure, our clients can reinvest into what matters most: the core business.

2. Net Access Managed Services Solution Process Flow Consultation and Design Net Access Engineers will meet with the customer in a collaborative session to define the requirements and review the proposed solution. A dedicated engineer provides consultation and planning to ensure that the deployment of the solution meets the client s deadlines, expectations, and functionality. Net Access strives to ensure all customers are provided a service that is the right fit for them. Some environments are small and static and some environments are large and need to scale. Net Access engineers can design a solution based on a number of needs. Implementation Net Access will perform a cooperative test and turn up of the design, working with the customer to verify all components meet their requirements, expectations, and security concerns. A dedicated Managed Services Engineer is available during this process to make any necessary adjustments and ensure that the client is satisfied. Net Access will also work with third party integrators or vendors that will be involved in the deployment of the solution to simplify the process. Ongoing Management and Support Managed services are fully maintained by Net Access and monitored by our Network Operation Center 24/7/365. Ongoing support of hardware and software in the proposed solution is provided by Net Access and our technical staff. All of our solutions include proactive updates, hardware replacement, configuration assistance, and security auditing.

3. FLEX Services Solution Components The following FLEX Services are utilized in the solutions outlined in this document: FLEXSecurity Managed Firewall Dedicated next generation firewall with options for Remote Access, Site-to-Site VPN, and High Availability. Security features can include full UTM (unified threat management) - deep packet inspection intrusion detection, and advanced screening and filtering for URL, Web, Email, SPAM, and viruses. Available as a virtualized or hardware appliance. FLEXServer Rapidly deployed, securely hosted dedicated servers that can be connected to the Internet, other Net Access FLEX services or a client s existing network infrastructure to create a true hybrid solution. Net Access provides maintenance of the physical hardware, the supply of power, the network connectivity and provisions any purchased upgrades of the hardware. FLEXVirtualDC Our virtualized enterprise data center offering. Available as a dedicated or multi-tenant solution, FLEXVirtualDC allows clients to deploy, adjust and expand Virtual Machines (VM) on-demand using committed pool of compute, memory, storage and bandwidth resources via a self-service web portal. FLEXBackup Shared, dedicated or combined cloud backup and recovery solution that is securely hosted in a Net Access data center. FLEXBackup can be deployed as a complement to existing on-site office infrastructure, existing infrastructure within a Net Access data center or combined with any of our other FLEXServices. Advanced options include AES-256 encryption, deduplication, and numerous replication, restoration and recovery options. FLEXLoadBalancer - Virtual or hardware appliance solutions designed to evenly distribute web traffic over multiple servers. Features GSLB enabling multi-site failover, location based application balancing, and even IPv6 to IPv4 conversion. FLEXStorage Managed SAN and NAS storage infrastructures that can be either shared, dedicated or mixed, and support both file and block protocols natively including NFS, CIFS, SFTP and iscsi.

4. Use Case & Solution Overview CUSTOMER PROFILE: A leading developer of a custom mobile application for doctor and patient collaboration on the impacts of newly introduced drugs. The application allows for the logging of prescription medication intake and tracks its impact, including side effects, over time. CUSTOMER REQUIREMENTS: Virtual server development and production environments Highly available and secure web services infrastructure Secure daily backups Secure communications between office(s) and virtual environment HIPAA compliance NET ACCESS PROPOSED SOLUTION COMPONENTS: Net Access recommended a HIPAA compliant FLEXCloud solution, which included the following FLEX services: FLEXServer FLEXVirtualDC FLEXLoadBalancer FLEXSecurity Firewall FLEXBackup FLEXStorage The proposal also included management by Net Access of all networking devices, storage units, and backups to improve compliance consistency by means of a single IT support staff. SOLUTION HIGHLIGHTS: FLEXVirtualDC provides a simplified web interface front-end to the virtual cloud environment, fallowing for rapid provisioning of FLEXServer and FLEXStorage hardware resources. The virtual cloud environment allows for the segregation of multiple networks and VM groups, creating independent development and production environments, with the former being accessible only over encrypted VPNs from remote office(s), and the latter accessible by the public Internet. The virtual environment is highly available, configured across multiple FLEXServers and backed by resilient FLEXStorage SAN components. The production environment web services will be highly available and secure, incorporating FLEXLoadBalancer features to evenly distribute load across virtual machines, and FLEXSecurity Firewall to restrict access with granular rulesets. FLEXSecurity Firewall, offered with high availability options, will also act as a highly available encrypted VPN tunnel termination point. FLEXBackup will be configured with daily scheduled incremental backup jobs, backed up postencryption at Net Access remote data center to provide recovery means. Communications between the virtual environment and remote client office(s) will be secured via encrypted VPN connections, and encrypted backups are to be stored at a remote data center on a daily basis.

5. Solution Diagram

6. HIPPA Regulations and Safeguards All proposed FLEXCloud components account for HIPAA regulations regarding the safeguarding of patient data (table below), or Protected Health Information (PHI). The solution aims to simplify and isolate management domains by providing a single management interface to the client, leaving remaining management responsibilities to Net Access IT support staff. With this isolation, Net Access can more efficiently adhere to key elements of HIPAA regulations as they pertain to provided solutions. Safeguard Administrative HIPAA Safeguards Scope Clearly define HIPAA compliant services for which administrative security, training, and contingency efforts must be addressed or implemented Clearly define HIPAA compliant services for which business associate agreements (BAAs) must be made between Net Access and clients Physical Clearly define HIPAA compliant services for which management and maintenance of facility access and contingency efforts must be addressed or implemented Clearly define Net Access IT support staff management access requirements and policies Technical Clearly define HIPAA compliant services for which Net Access IT support staff management access control efforts must be addressed or implemented Clearly define HIPAA compliant services for which logging and audit efforts must be addressed or implemented Clearly define HIPAA compliant services for which authentication mechanism efforts are addressed or implemented Clearly define HIPAA compliant services for which secure transmissions of data efforts are addressed or implemented A Net Access BAA template is to be made available to client to be used with or without modification. Client modifications are subject to Net Access Sales and management review.