Is Remote Access Plus HIPAA compliant?

Privacy and data security have always been the top concern in the health care sector, as there is a free flow of personal data. With the number of data breaches and cyber threats increasing exponentially with each passing day, it is a matter of course to tighten security and comply with trade practice standards. The Health Insurance Portability and Accountability Act (HIPAA) outlines the rules for health care providers that store, process and transmit protected health information in any form.

What is protected health information?

Any personal health care information that is shared via the internet, an extranet, leased lines, dial-up lines, etc., is considered to be protected health information. The following are a few examples of protected health information.

  1. Health care claims, statuses or equivalent
  2. Payments and remittance advice
  3. Eligibility enquiries
  4. Referral certifications and authorizations
  5. First reports on injuries

If you are an enterprise handling protected health information, then you are bound to meet the requirements of HIPAA compliance.

Is Remote Access Plus HIPAA compliant?

Remote Access Plus, as an application used by various enterprises dealing with protected health information, has taken steps towards HIPAA compliance to ensure end-user privacy. Remote Access Plus comes with a set of features that comply with the safeguards that apply directly to remote access products.

Stringent administrative safeguards

Unique user identification

Do you have too many technicians working with Remote Access Plus and accessing computers in your network estate? The HIPAA guideline 164.312(a)(2)(ii) indicates that rigid technical policies should be implemented in order to allow access only to those who have been authorized to read, write, modify or share the piece of ePHI (Electronic Protected Health Information). Remote Access Plus comes with Role Based Access Control, which you can use to tailor roles, define privileges for every technician and restrict them from accessing information beyond their privilege.

Automatic log-off procedures

As a general practice, technicians or users should log off from the computers they are working on to prevent unwanted leakage of critical information. However, there are times when they may forget to log out. According to 164.312(a)(2)(iii), the covered entity must implement electronic procedures that automatically terminate remote sessions after a predefined time of inactivity. Remote Access Plus has Idle time out settings that come in handy in such cases. Enabling this setting will automatically terminate unattended or inactive remote sessions after the specified time span. The end-user's computer can also be auto-locked once the session is terminated.

Person or entity authentication

The standard 164.312(d) requires the covered entity to employ procedures that authenticate the technician or user trying to access remote computers. Remote Access Plus comes with Two-factor authentication to ensure that only the authorized user uses the application to remotely perform troubleshooting routines. You can also enable User Confirmation, which requests approval from the end-user each time before a remote session is initiated. The core purpose of this is to obtain consent from the end-user before connecting to his/her computer. The request will contain a detailed description of why the remote session is being initiated, and the end-user has complete liberty to approve or deny access.

Analyze and audit data

Remote Access Plus comes with a real-time reporting system that lets you track every remote session initiated. Besides, you can enable the setting to Record remote sessions and carefully supervise all remote sessions. These recorded sessions can also be used for auditing purposes. Generating, exporting or sharing reports can put end-user privacy at risk. With Remote Access Plus you can choose to mask/hide protected health information while generating or exporting reports. This way, even while sharing reports, you can protect your end-users' personal information from being exposed.

Transmission and data security

The HIPAA standard 164.312(e)(1) requires the covered entity to implement security measures to guard against unauthorized access to the protected health information that is being transmitted over an electronic communication network. Remote Access Plus is highly reliable, with 256-bit AES encryption.

If you have any queries on Remote Access Plus, feel free to drop us a line at remoteaccessplus-support@manageengine.com
