HIPAA compliance. Guide. and HIPAA compliance. gotomeeting.com



Similar documents
GoToAssist Remote Support HIPAA compliance guide

Citrix GoToAssist Service Desk Security

Corporate and Payment Card Industry (PCI) compliance

How to Increase Your Sales Close Rates with Video Conferencing

The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context

Three reasons. why IT pros choose GoToAssist over the competition. Real customers share their insights on IT support tools.

WHITE PAPER. GoToMyPC. Citrix GoToMyPC Corporate Security FAQs. Common security questions about Citrix GoToMyPC Corporate.

GoToAssist Express Best Practices Guide to Unattended Support

HIPAA. considerations with LogMeIn

Citrix GoToMyPC Corporate Provisioning Tool. Seamlessly integrate the GoToMyPC Corporate solution with your existing support infrastructure.

LogMeIn HIPAA Considerations

Solutions Brief. Citrix Solutions for Healthcare and HIPAA Compliance. citrix.com/healthcare

GoToMyPC Technology Making Life Simpler for Remote and Mobile Workers

itrust Medical Records System: Requirements for Technical Safeguards

HIPAA Security: Complying with the HIPAA Security Rule Implementation Specifications Are You Correctly Addressing Them?

Advanced Service Desk Security

Workplace mobility and the small business

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

GoToMyPC reviewer s guide

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

STATEMENT OF WORK FOR HIPAA SECURITY RISK ANALYSIS

GoToMyPC Corporate Security FAQs

HIPAA Compliance Guide

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

Datto Compliance 101 1

HIPAA Information Security Overview

HIPAA and HITECH Act. Compliance Guide

HIPAA, PHI and . How to Ensure your and Other ephi are HIPAA Compliant.

VMware vcloud Air HIPAA Matrix

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Develop HIPAA-Compliant Mobile Apps with Verivo Akula

HIPAA Security Alert

HIPAA Privacy & Security White Paper

Where do you work? Where do you work?

Safeguard Protected Health Information With Citrix ShareFile

How Managed File Transfer Addresses HIPAA Requirements for ephi

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

An Effective MSP Approach Towards HIPAA Compliance

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

An Oracle White Paper December Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Compliance and Wireless Networks Cranite Systems, Inc. All Rights Reserved.

HIPAA Security Checklist

HIPAA Compliance and Wireless Networks

Getting Started. Send a file in 3 easy steps Quickly organize and share your files

MAX Insight. HIPAA Hardening & Configuration Guide for MSP s

HIPAA SECURITY RULES FOR IT: WHAT ARE THEY?

Healthcare Compliance Solutions

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

CHIS, Inc. Privacy General Guidelines

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

Security Architecture Whitepaper

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Secure Data Sharing in the Enterprise

HIPAA Security Series

GoToMyPC Corporate Advanced Firewall Support Features

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

C.T. Hellmuth & Associates, Inc.

GoToMeeting Reviewer s Guide

Simplicity is power.

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

How To Write A Health Care Security Rule For A University

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

ITUS Med Solutions. HITECH & HIPAA Compliance Guide

HIPAA Security Rule Compliance

Policies and Compliance Guide

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA COMPLIANCE REVIEW

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

HIPAA COMPLIANCE AND

HIPAA Security Matrix

HIPAA DATA SECURITY & PRIVACY COMPLIANCE

Policy Title: HIPAA Access Control

White Paper. BD Assurity Linc Software Security. Overview

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

UNIVERSITY OF CALIFORNIA, SANTA CRUZ 2015 HIPAA Security Rule Compliance Workbook

Pennsylvania Department of Public Welfare. Bureau of Information Systems OBSOLETE. Secure User Guide. Version 1.0.

Transcription:

and HIP compliance

2 The Health Insurance Portability and ccountability ct (HIP) calls for privacy and security standards that protect the confidentiality and integrity of patient health information. Specifically, if you are transmitting patient data across the Internet during an online meeting or video conference, your online meeting solution and security architecture must provide end-to-end encryption and meeting access control so the data cannot be intercepted by anyone other than the invited participants. Citrix is an online meeting solution that can help your company or office meet these guidelines. The following matrix demonstrates how can support HIP compliance and is based upon the HIP Security Standards rule published in the Federal egister on February 20, 2003 (45 CF Parts 160, 162 and 164 Health Insurance eform: Security Standards; Final ule). The Department of Health and Human Services provides the HIP Security Standards on its website: http://aspe.os.dhhs.gov/admnsimp/finl/f03-8334.pdf. For more information about security, download the Security White Paper at www./en_us/pre/corp/security.tmpl.

3 Technical Safeguards 164.312 Standards Covered Entities Must (a) (1) ccess Control ation Specifications =equired =ddressable Unique User Identification Emergency ccess Procedure utomatic Logoff Encryption and Decryption Key factors technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to authorized persons or software programs. ssign a unique name and/or number for identifying and tracking user identity. Establish (and implement as needed) procedures for obtaining necessary electronic information during an emergency. electronic procedures that terminate an electronic session after a predetermined time of inactivity. a mechanism to encrypt and decrypt electronic protected health information. Support in Meeting access is protected by a unique meeting code and optional strong password authentication. Configurable failed log-in lockout threshold. Meetings are not listed publicly, and access is restricted to invited participants. Meeting organizer can easily disconnect attendees or terminate sessions in progress. Organizers and account administrators* use their unique email address as their login name; they must also enter a unique account password. One-click meetings provide rapid, secure access to an online meeting from virtually anywhere, which may be used as a supplementary method for providing emergency access to healthcare information. Organizer-configurable session inactivity time-out ensures that screen sharing is not enabled indefinitely. Website inactivity time-out automatically logs users out of their accounts. ll sensitive chat, session and control data transmitted across the network is protected using the dvanced Encryption Standard (ES) with a 128-bit key. unique 128-bit ES encryption key is generated and securely distributed to all participants at the start of each session.

4 Standards Covered Entities Must ation Specifications =equired =ddressable Key factors (b) udit Controls hardware, software and/ or procedural mechanisms that record and examine activity in information systems that contain or use electronic information. (c)(1) Integrity policies and procedures to protect electronic information from improper alteration or destruction. (c)(1) Integrity Mechanism (d) Person or Entity uthentication Mechanism to authenticate electronic protected health information. methods to corroborate that information has not been destroyed or altered. Verify that the person or entity seeking access is the one claimed. Support in ll connection and session activity through the Citrix distributed network service infrastructure is logged for security and quality-of-service purposes. ccount managers* have web-based access to management and reporting tools. Integrity protection mechanisms are designed to ensure a high degree of data and service integrity, working independently of any integrity controls that may already exist on the customer s computers and internal data systems. The presenter can choose to not share keyboard and mouse control, ensuring the integrity of application commands and inputs. ll executables are digitally signed. ll transmitted data is integrity protected using HMC-SH-1 message authentication codes. Meeting organizers must log in to using a unique email address and account password. Meeting access is protected by a unique code and optional strong password. Only invited participants may view shared meeting data. ccess to data and applications on the presenter s computer is always under the presenter s control.

5 Standards Covered Entities Must (e)(1) Transmission Security ation Specifications =equired =ddressable Integrity Controls Key factors Protect electronic health information that is being transmitted over a network. Ensure that information is not improperly modified without detection. Encryption Encrypt protected health information whenever deemed appropriate. Support in provides true end-to-end data security that addresses both passive and active attacks against confidentiality. ll transmitted data is integrity protected using HMC-SH-1 message authentication codes. ll sensitive chat, session, video, audio, and control data transmitted across the network is protected using the dvanced Encryption Standard (ES) with a 128-bit key. *This administrative function only applies to accounts with multiple users. Healthcare applications Physicians, nurses, IS/IT staff, administrative employees and authorized healthcare partners can use the patented web-based screen-sharing, video conferencing and audio technology to instantly and securely meet online with other healthcare professionals and share files, database applications and other corporate resources from any location connected to the web. Unlike other web conferencing solutions, does not distribute the actual patient data across networks. ather, by using screen-sharing technology, security is strengthened because only mouse and keyboard commands are transmitted. further protects data confidentiality through a combination of encryption, strong access control and other protection methods. Security and control Only organizers approved by account administrators can organize online meetings in accounts with multiple organizers. Organizers control online meeting attendance through the use of meeting ID codes and optional passwords. Only one person can present at a time, and the presenter (either the organizer or a person chosen by the organizer) maintains complete control of screen sharing, in addition to keyboard and mouse control. Thus, participants can only view information the presenter chooses and can only make changes if the presenter allows them to. In addition, organizers can disconnect attendees when necessary, and organizers and account administrators can both terminate meetings in progress at any time.

6 Encryption employs industry-standard end-to-end dvanced Encryption Standard (ES) encryption using 128-bit keys to protect the data stream, chat messages and keyboard and mouse input. encryption fully complies with HIP Security Standards to ensure the security and privacy of patient data. Frequently asked questions Q: What are the general requirements of the HIP Security Standards? (ef: 164.306 Security Standards: General ules) Covered entities must do the following: 1. Ensure the confidentiality, integrity and availability of all electronic protected health information the covered entity creates, receives, maintains or transmits. 2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information. 3. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the privacy regulations. 4. Ensure compliance with this subpart by its workforce. Q: How are covered entities expected to address these requirements? Covered entities may use any security measures that reasonably and appropriately implement the standards; however, covered entities must first take into account the risks to protected electronic information; the organization s size, complexity and existing infrastructure; and costs. The final rule includes three safeguards sections outlining standards (what must be done) and implementation specifications (how it must be done) that are either required or addressable. If required, it must be implemented to meet the standard; if addressable, a covered entity can either implement it, implement an equivalent measure or do nothing (documenting why it would not be reasonable and appropriate). dministrative Safeguards: Policies and procedures, workforce security and training, evaluations and business associate contracts. Physical Safeguards: Facility access, workstation security and device and media controls. Technical Safeguards: ccess control, audit controls, data integrity, authentication and transmission security. Q: What is Citrix doing to help customers address HIP regulations? To facilitate our customers compliance with HIP security regulations, Citrix is providing detailed information about the security safeguards we have implemented into the service. This information is provided in this

7 document, our security white paper and other technical collateral. dditionally, our Client Services group is available to provide guidance and assistance in all deployments. Q: Is HIP compliant? lthough HIP compliance per se is applicable only to entities covered by HIP regulations (e.g., healthcare organizations), the technical security controls employed in the service and associated host and client software meet or exceed HIP technical standards. Furthermore, the administrative configuration and control features provided with support healthcare-organization compliance with the dministrative and Physical Safeguards sections of the final HIP Security ules. The net result is that may be confidently deployed as an outsourced remote-access component of a larger information-management system without affecting HIP compliance. Q: What is the best way to deploy in an environment subject to HIP regulations? Just as HIP allows considerable latitude in the choice of how to implement security safeguards, a single set of guidelines is not applicable for all deployments. Organizations should carefully review all configurable security features of in the context of their specific environments, user population and policy requirements to determine which features should be enabled and how best to configure. North merica Citrix Online, LLC 7414 Hollister venue Goleta, C 93117 U.S.. T +1 805 690 6400 info@citrixonline.com Europe, Middle East & frica Citrix Online, UK Ltd Chalfont Park House Chalfont Park, Gerrards Cross Bucks SL9 0DZ United Kingdom T +44 (0) 800 011 2120 europe@citrixonline.com sia Pacific Citrix Online, US Pty Ltd Level 3, 1 Julius venue iverside Corporate Park North yde NSW 2113 ustralia T +61 2 8870 0870 asiapac@citrixonline.com bout Citrix Citrix (NSDQ:CTXS) is the cloud company that enables mobile workstyles empowering people to work and collaborate from anywhere, easily and securely. With market-leading solutions for mobility, desktop virtualization, cloud networking, cloud platforms, collaboration and data sharing, Citrix helps organizations achieve the speed and agility necessary to succeed in a mobile and dynamic world. Citrix products are in use at more than 260,000 organizations and by over 100 million users globally. Learn more at www.citrix.com. 2013 Citrix Online, LLC. ll rights reserved. Citrix, GoTossist,, GoToMyPC, GoToTraining, GoToWebinar, Podio and ShareFile are trademarks of Citrix or a subsidiary thereof, and are or may be registered in the U.S. Patent and Trademark Office and other countries. ll other trademarks are the property of their respective owners. 7.8.13/B-88777/PDF

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information