The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of Protected Health Information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, electronic, etc. Furthermore, only the minimum health information necessary to conduct business is to be used or shared. Desktop Central has taken steps towards HIPAA compliance to ensure confidentiality and security of health information.
Requirement | Requirement Description | How Desktop Central fulfills it? |
---|---|---|
§ 164.308(a)(1)(ii)(A) |
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. |
Desktop Central's patch management feature helps in deploying patches across every major operating system (Windows, Mac & Linux) and helps in patching third party applications. The periodic scans initiated in the network gives details of the IT assets in the network and identifies vulnerable systems and applications. Desktop Central also provides exhaustive reports on system vulnerabilities, patches, OS, firewall, filevault, bitlocker, antivirus, etc. which elaborates the threats present in the network devices.. |
§ 164.308(a)(1)(ii)(B) |
Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with §164.306(a). |
Desktop Central's Automate Patch Deployment (APD) feature provides administrators the ability to deploy patches missing in their network computers automatically, without any manual intervention. Periodic patching of vulnerable devices ensures the security of the ePHI available in the network devices. Desktop Central's Secure USB feature allows network administrators to limit the scope of USB device usage by restricting selectively, blocking or allowing full use, thereby prohibiting any data leak. Geo-tracking, data wipe, putting the device in Kiosk Mode and remote lock of mobile devices enhances device security. Desktop Central helps to deploy customised firewall settings and prohibit software to implement additional security measure. The Browser Security Plus add-on helps in preventing browser based threats and protect enterprise data from credential thefts, phishing attacks and accidental data leakage. |
§ 164.308(a)(1)(ii)(D) |
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. |
Desktop Central provides various reports based on User log on/log off, USB device, alerts based on Software added/removed, periodic anitivirus updates, firewall, bitlocker and filevault status. |
§ 164.308(a)(3)(ii)(A) |
Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed. |
With the help of Desktop Central, an IT admin can authorize permission to access file/folder/registry to users and groups who work with ePHI. Using User logon reports, log on information can be periodically reviewed and inapproriate/failed log on can be detected. |
§ 164.308(a)(3)(ii)(B) |
Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate. |
Using Desktop Central, an IT admin can manage permissions granted to access file/folder/registry to users and groups who work with ePHI. With user logon reports, logon information can be periodically reviewed and failed logon can be detected. |
§ 164.308(a)(4)(ii)(B) |
Implement policies and procedures for granting access to electronic protected health information, for example, through access to a workstation, transaction, program, process, or other mechanism. |
An IT admin can manage access provided to the users using Desktop Central. Using Group Management, the administrator can add, remove or modify user policies and user groups thereby securing access to ePHI. Also, permission to add/remove drives, can be provided to specific resources in the network. |
§ 164.308(a)(5)(ii)(A) |
Periodic security updates |
Desktop Central provides Automate Patch Deployment (APD) feature, Antivirus definition updates and driver updates to secure the network. |
§ 164.308(a)(5)(ii)(B) |
Procedures for guarding against, detecting, and reporting malicious software. |
Desktop Central's ability to prohibit software and block executable files helps in guarding against malicious software. The firewall configuration in Desktop Central additionally helps in protecting all network devices. |
§ 164.308(a)(5)(ii)(D) |
Procedures for creating, changing, and safeguarding passwords. |
With the help of Desktop Central, an IT admin has the provision to change user's password. |
§ 164.310(a)(2)(i) | Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. |
Using Desktop Central, the administrator can take folder/file backup of important data which can be used to restore lost data under emergency conditions. |
§ 164.312(a)(2)(iii) |
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. |
Desktop Central provides remote lock, signoff and shutdown features to terminate a session. |
§ 164.312(b) |
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. |
Desktop Central provides centralised inventory of hardware/software details of mobiles, desktops and laptops. With User Logon reports, one can record the log on activities in Information Systems. |
§ 164.312(d) |
Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. |
Using Desktop Central, permissions to access restricted files/folders can be allowed for specific users. |