WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery



Similar documents
Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

HIPAA COMPLIANCE AND

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

eztechdirect Backup Service Features

Evolved Backup Features Computer Box 220 5th Ave South Clinton, IA

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

SVA Backup Plus Features

Introduction. Ease-of-Use

Online Backup Solution Features

techsafe Features Technology Partners th Street - Vero Beach, FL (772) Page 1/

HIPAA Compliance and the Protection of Patient Health Information

CHIS, Inc. Privacy General Guidelines

VMware vcloud Air HIPAA Matrix

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

Datto Compliance 101 1

HIPAA Security Series

Preparing for the HIPAA Security Rule

HIPAA Security Checklist

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

HIPAA Audit Processes HIPAA Audit Processes. Erik Hafkey Rainer Waedlich

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY

HIPAA Compliance Guide

HIPAA Information Security Overview

Healthcare Compliance Solutions

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

HIPAA Security Matrix

Features Security. File Versioning. Intuitive User Interface. Fast and efficient Backups

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Privacy & Security White Paper

HIPAA Compliance Guide

White Paper: Librestream Security Overview

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

ITS HIPAA Security Compliance Recommendations

How To Write A Health Care Security Rule For A University

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

Krengel Technology HIPAA Policies and Documentation

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Policies and Compliance Guide

HIPAA and HITECH Regulations

HIPAA Security Alert

Leveraging Dedicated Servers and Dedicated Private Cloud for HIPAA Security and Compliance

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security. assistance with implementation of the. security standards. This series aims to

Healthcare Management Service Organization Accreditation Program (MSOAP)

itrust Medical Records System: Requirements for Technical Safeguards

SECURITY RISK ASSESSMENT SUMMARY

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

efolder White Paper: HIPAA Compliance

HIPAA. considerations with LogMeIn

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

C.T. Hellmuth & Associates, Inc.

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH

Online Backup by Mozy. Common Questions

Pennsylvania Department of Public Welfare. Bureau of Information Systems OBSOLETE. Secure User Guide. Version 1.0.

Montclair State University. HIPAA Security Policy

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

The HIPAA Security Rule Primer Compliance Date: April 20, 2005

Apptix Online Backup by Mozy

DRAFT Standard Statement Encryption

HIPAA PRIVACY AND SECURITY AWARENESS

GiftWrap 4.0 Security FAQ

Minimizing Computer Data Loss Risks With Online Backup. Seven Devastating but Common Computer Backup Mistakes

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security. Topics

HIPAA Security Rule Compliance

FACT SHEET: Ransomware and HIPAA

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)

HIPAA/HITECH: A Guide for IT Service Providers

HIPAA: In Plain English

Enterprise Backup Overview Protecting Your Most Important Asset

HIPAA Security. 6 Basics of Risk Analysis and Risk Management. Security Topics

Transcription:

WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006

HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed the Health Insurance Portability and Accountability Act ("HIPAA"). HIPAA was designed to reduce the administrative costs of healthcare, to promote the confidentiality and portability of patient records, to develop standards for consistency in the health care industry, and to provide an incentive for electronic communications. HIPAA applies to any health care providers, health plans and clearinghouses (collectively "Covered Entities") that electronically maintain or transmit health information pertaining to individuals. Covered Entities must have appropriate measures that address the physical, technical and administrative components of patient data privacy. With the exception of small health plans, all Covered Entities must have data security standards in place by April 21, 2005, when the Standards for the Security of Electronic Protected Health Information (the Security Rule ) of HIPAA goes into effect for most health care providers. Small health plans are exempted until April 21, 2006. The Security Rule requires health care providers to put in place certain administrative, physical and technical safeguards for electronic patient data. Among other things, Covered Entities will be required to have a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operation Plan. Fortunately, there is a simple and affordable way to meet many of these security and contingency requirements: IT Portfolio online backup service. More about the HIPAA Security Rule The Security Rule applies to electronic protected health information. This is protected health information either transmitted by electronic media or maintained in electronic media. Covered entities that maintain or transmit protected health information are required by the Security Rule (see 45 C.F.R. 164.306) to: 1 Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits. 2 Protect against any reasonably anticipated threats or hazards to the security or integrity of such information. 3 Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part. 4 Ensure compliance with this subpart by its workforce. According to the HIPAA regulations, Covered Entities are allowed to use a flexible approach when implementing the above requirements. Specifically, 1 Covered entities may use any security measures that allow the covered entity to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart. 2. In deciding which security measures to use, a covered entity must take into account the following factors: (i) The size, complexity, and capabilities of the covered entity. (ii) The covered entity s technical infrastructure, hardware, and software security capabilities. (iii) (iv) The costs of security measures. The probability and criticality of potential risks to electronic protected health information.

The Security Rule is further detailed through 18 technical standards and 36 implementation specifications. These standards and specifications are classified into four categories: administrative safeguards, physical safeguards, technical safeguards and organizational requirements. HIPAA Security Rule and Electronic Data Backup A number of the Security Rule s standard and specifications apply to the backup and safekeeping of electronic data. Covered Entities must have a contingency plan and: Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information (Administrative Safeguards - 164.308(a)(7)(i)). This contingency plan must be implemented as follows: (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data. (C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. Covered Entities must also have certain physical safeguards, such as facility access controls. They must: Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed (Physical Safeguards - 164.310(a)(1)). The contingency operations should establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency ( 164.310(a)(2)(i)). In addition, Covered Entities must implement certain technical safeguards ( 164.312) to, among other things: Limit access to and electronic protected health information. Encrypt and decrypt electronic protected health information. Put into place audit controls that record and examine activity in information systems that contain or use electronic protected health information. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. HIPAA Compliance and IT Portfolio Online Backup IT Portfolio online backup can help your health organization meet HIPAA compliance requirements, specifically those of the Security Rule. HIPPA and Disaster Recovery, from IT Portfolio, Inc. Technologies, is a secure, online backup service that automates the process of backing up electronic data. IT Portfolio was created, with healthcare providers in mind, to satisfy the broad need for an easy to use, automatic and secure method of backing up data offsite. The goal of IT Portfolio was to design a cost-effective backup service that could be used by anyone regardless of computer expertise, yet with the

functionality and features of backup systems used by Fortune 500 companies. Since its market introduction, IT Portfolio has quickly gained recognition with customers nationwide, who have come to recognize that IT Portfolio provides them with a backup solution that is simple to setup, easy to use, completely automatic and most importantly, secure and reliable. IT Portfolio Security and Encryption All data, including patient and billing records, is encrypted before it leaves the user s computer(s) and is never accessible without the user s encryption key. This encryption key is stored only on the user s system and is never transmitted over the Internet nor is it stored on IT Portfolio, Inc. s servers. Thus, only the user has access to his or her files, eliminating the threat of unauthorized access. Even IT Portfolio, Inc. cannot access the files or even read the filenames. Each file is individually encrypted using the unique 256 bit encryption key. IT Portfolio uses 256-bit Advanced Encryption Standard (AES) encryption technology. AES encryption was developed by the U.S. National Institute of Standards and Technology (NIST) and is now the state-of-the-art standard encryption technique for both commercial and government applications. Moreover, in June 2003, 256-AES was approved by the United State's National Security Agency (NSA) for use encrypting the U.S. government's documents classified "TOP SECRET." For added security, and to meet the Security Rule s transmission requirements, each encrypted file is then sent over the Internet via a secure channel using Secure Sockets Layer (SSL) technology. This is the same Internet transmission technology that is used for online banking and online credit card applications. As a result, data is encrypted twice. It is encrypted at all times using the 256-bit AES encryption, and it is encrypted again while it is being sent over the Internet, to and from the IT Portfolio, Inc. servers. Further, all user data is sent to and stored in two redundant secure data centers, located hundreds of miles apart from each other (Northern New Jersey and Toronto, Ontario, Canada). Each data center has 24/7 onsite monitoring, advanced security technology such as biometric access controls, backup generators and redundant connections to the Internet. IT Portfolio Logging and Archiving Each file that is backed up or restored, as well as additional information and statistics about backups is recorded in a log within the IT Portfolio software. This log, which can easily be searched, allows the user to verify that files were successfully backed up and help troubleshoot any issues that may be occurring. The user also has the option of receiving an automated email notification at the conclusion of each successful backup. For further HIPAA compliance, CDs and DVDs of data are available for additional archiving. Backing Up and Restoring with IT Portfolio Backups and restores are automated, eliminating the need for manual data handling. Backups will begin automatically according to each backup set s backup schedule as long as the computer is on and functioning (and not in sleep or powersave mode). Backups can also be initiated by the user at any time. Because backups run in the background of the system, they have little or no impact on the computer's performance or Internet connectivity. Restoring files can be done in just a few clicks of the mouse. Using the IT Portfolio software, the user simply clicks

on the individual files or folders or revisions that he or she wants to retrieve. The file or files will then be downloaded to the user s computer, decrypted, uncompressed and then restored to their original location or another specified location on the user s system. A password is required to restore any files, preventing unauthorized restores, as per the HIPAA Security Rule. In the event of a complete system failure, a full recovery of the user s backed up data can be initiated in minutes. This recovery can be done on any Windows based computer, and not just the computer from which the files were originally backed up. The user will download and reinstall the IT Portfolio software, enter his or her username and password, load or type the encryption key. Once the software installation is completed, two clicks of the mouse will restore the file catalogue (the list of all of the files backed up) which will then give the user the ability to restore any and all files backed up. For more information about HIPPA and Disaster Recovery, please visit our website or contact us at: Telephone: 1-800-759-3630 Email: support@itportfolio.com Please note that nothing in this White Paper is intended to constitute legal advice. For more information about HIPAA and compliance with HIPAA requirements please consult your legal counsel. 2006 IT Portfolio, Inc. All rights reserved. IT Portfolio, Inc. White Paper Page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information