The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of Protected Health Information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared. Endpoint Central MSP has taken steps towards HIPAA compliance to ensure confidentiality and security of health information.
Requirement | Requirement Description | How Endpoint Central MSP fulfills it? |
---|---|---|
§ 164.308(a)(1)(ii)(A) |
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. |
Endpoint Central MSP's patch management feature helps in deploying patches across every major operating system (Windows, Mac & Linux) and helps in patching third party applications. The periodic scans initiated in the network gives details of the IT assets in the network and identifies vulnerable systems and applications. Endpoint Central MSP also provides exhaustive reports on system vulnerabilities, patches, OS, firewall, filevault, bitlocker, antivirus, etc. which elaborates the threats present in the network devices.. |
§ 164.308(a)(1)(ii)(B) |
Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a). |
Endpoint Central MSP's Automate Patch Deployment (APD) feature provides administrators the ability to deploy patches missing in their network computers automatically, without any manual intervention. Periodic patching of vulnerable devices ensures the security of the ePHI available in the network devices. Endpoint Central MSP's Secure USB feature allows network administrators to limit the scope of USB device usage by restricting selectively, blocking or allowing full use, thereby prohibiting any data leak. Geo-tracking, data wipe, putting the device in Kiosk Mode and remote lock of mobile devices enhances device security. Endpoint Central MSP helps to deploy customised firewall settings and prohibit software to implement additional security measure. The Browser Security Plus add-on helps in preventing browser based threats and protect enterprise data from credential thefts, phishing attacks and accidental data leakage. |
§ 164.308(a)(1)(ii)(D) |
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. |
Endpoint Central MSP provides various reports based on User log on/log off, USB device, alerts based on Software added/removed, periodic anitivirus updates, firewall, bitlocker and filevault status. |
§ 164.308(a)(3)(ii)(A) |
Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed. |
With the help of Endpoint Central MSP, an IT admin can authorize permission to access file/folder/registry to users and groups who work with ePHI. Using User logon reports, log on information can be periodically reviewed and inapproriate/failed log on can be detected. |
§ 164.308(a)(3)(ii)(B) |
Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate. |
Using Endpoint Central MSP, an IT admin can manage permissions granted to access file/folder/registry to users and groups who work with ePHI. With user logon reports, logon information can be periodically reviewed and failed logon can be detected. |
§ 164.308(a)(4)(ii)(B) |
Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism. |
An IT admin can manage access provided to the users using Endpoint Central MSP. Using Group Management, the administrator can add, remove or modify user policies and user groups thereby securing access to ePHI. Also, permission to add/remove drives, can be provided to specific resources in the network. |
§ 164.308(a)(5)(ii)(A) |
Periodic security updates |
Endpoint Central MSP provides Automate Patch Deployment (APD) feature, Antivirus definition updates and driver updates to secure the network. |
§ 164.308(a)(5)(ii)(B) |
Procedures for guarding against, detecting, and reporting malicious software. |
Endpoint Central MSP's ability to prohibit software and block executable files helps in guarding against malicious software. The firewall configuration in Endpoint Central MSP additionally helps in protecting all network devices. |
§ 164.308(a)(5)(ii)(D) |
Procedures for creating, changing, and safeguarding passwords. |
With the help of Endpoint Central MSP, an IT admin has the provision to change user's password. |
§ 164.310(a)(2)(i) | Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. |
Using Endpoint Central MSP, the administrator can take folder/file backup of important data which can be used to restore lost data under emergency conditions. |
§ 164.312(a)(2)(iii) |
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. |
Endpoint Central MSP provides remote lock, signoff and shutdown features to terminate a session. |
§ 164.312(b) |
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. |
Endpoint Central MSP provides centralised inventory of hardware/software details of mobiles, desktops and laptops. With User Logon reports, one can record the log on activities in Information Systems. |
§ 164.312(d) |
Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. |
Using Endpoint Central MSP, permissions to access restricted files/folders can be allowed for specific users. |