HIPAA COMPLIANCE STATEMENT

PROXY Pro Remote Desktop Software and the Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the main Federal law that protects health information. The HIPAA Privacy and Security Rules protect the privacy and security of individually identifiable health information. HIPAA Rules have detailed requirements regarding both privacy and security.  The HIPAA Privacy Rule covers protected health information (PHI) in any medium, while the HIPAA Security Rule covers electronic protected health information (ePHI).  Although HIPAA compliance per se is applicable only to entities covered by HIPAA regulations (e.g., healthcare organizations), PROXY Pro remote desktop software provides all of the necessary security and privacy features needed for an organization to remain HIPAA compliant while providing remote access.

Security – Technical Safeguards (CFR 164.312)

Technical safeguards mean the technology and the policy and procedures for its use that protect electronic protected health information (ePHI) and control access to it. CFR Title 45 - Public Welfare is one of fifty titles comprising the United States Code of Federal Regulations (CFR). Title 45 is the principal set of rules and regulations issued by federal agencies of the United States regarding public welfare. Subchapter C, Part 164: Security Standards for the Protection of Electronic Protected Health Information (https://www.ecfr.gov/cgi-bin/text-idx?SID=1f19037d8ee0abb72477851d48233f6f&mc=true&node=pt45.1.164&rgn=div5#se45.1.164_1312)

(1) (a)(1) Standard: Access control (Required). Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
(2) (a)(2)(i) Unique user identification (Required). Assign a unique name and/or number for identifying and tracking user identity.
 
(3) (a)(2)(iii) Automatic logoff (Addressable). Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
 
(4) (a)(2)(iv) Encryption and decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.
 
(5) (b) Standard: Audit controls (Required). Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
 
(6) (c)(1) Standard: Integrity (Required). Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
 
(7) (c)(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
 
(8) (d) Standard: Person or entity authentication (Required).  Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
 
(9) (e)(1) Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
 
(10) (e)(2)(i) Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
 
(11) (e)(2)(ii) Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
 