| Classification | Rule | How Trust Digital Helps |
|---|---|---|
| Administrative safeguards | | |
| Workforce security | Policies, procedures, and processes must be developed and implemented that ensure only properly authorized workforce members have access to Electronic Protected Health Information (ePHI). | Policy-controlled password and data encryption (device and SD card) ensure that all ePHI stored on mobile devices is automatically safeguarded. |
| Security incident procedures | Policies, procedures, and processes must be developed and implemented for reporting, responding to, and managing security incidents. | A self-service portal, accessible over-the-air (OTA), enables users to report a lost device and remotely wipe it of ePHI. In addition, Trust Digital permits ePHI deletion policies based on device inactivity, password failure thresholds, and OTA help desk actions. |
| Contingency plan | Policies, procedures, and processes must be developed and implemented for responding to a disaster or emergency that damages information systems containing ePHI. | The interactive remote diagnostic capabilities of the Trust Digital Help Desk allow IT personnel to assist users when troubleshooting a faulty device. In addition, the backup and restore capabilities of the Trust Digital client ensure the integrity of ePHI if the device is lost or damaged during an emergency or disaster. |
| Physical safeguards | | |
| Workstation security | Covered entities (CEs) must implement physical safeguards for all workstations that can access ePHI in order to limit access to only authorized users. | An on-device password prevents unauthorized access of ePHI stored on the mobile device. In addition, policies can be created to prevent use of and/or encrypt SD cards and other removable media. Network Access Control ensures that only security-compliant devices have access to ePHI. |
| Device and media controls | Policies, procedures, and processes must be developed and implemented for the receipt and removal of hardware and electronic media that contain ePHI into and out of a CE, and the movement of those items within a CE. | The Trust Digital Enterprise Console provides reporting of device compliance and status. Help desk features include device decommissioning and remote wipe to ensure that ePHI is removed from the device if the smartphone is lost or removed from service. |
| Technical safeguards | | |
| Access control | Policies, procedures, and processes must be developed and implemented for electronic information systems that contain ePHI to only allow access to persons or software programs that have appropriate access rights. | The Trust Digital smartphone client supports an on-device password to ensure that only persons with the appropriate access rights have access to ePHI. In addition, the client supports facilities to prevent unauthorized access to information. Device software image locking prevents the installation of third-party applications by users, while our patent-pending “Trust Application” prevents malware from accessing ePHI. |
| Audit control | Mechanisms must be implemented to record and examine activity in information systems that contain or use ePHI. | Audit control is provided by a blend of Interactive Remote Diagnostics and logging. |
| Integrity | Policies, procedures, and processes must be developed and implemented that protect ePHI from improper modification or destruction. | Trust Digital's on-device security, with device and application management features, ensures that user access to ePHI is limited only to approved users utilizing approved software applications. Because HIPAA compliance is an ongoing process, rather than a one-time event, Trust Digital’s security compliance management and reporting facilities ensure that user compliance is maintained while also providing evidence for external HIPAA compliance audits. |
| Person or entity authentication | Policies, procedures, and processes must be developed and implemented that verify persons or entities seeking access to ePHI are who or what they claim to be. | Trust Digital authentication management provides feature-rich password functionality on the device to verify that persons seeking access to ePHI are who they claim to be. Administrators can restrict access to a device based on security policies that dictate the type of input method (such as PIN or keyboard), password length, password complexity (alpha-numeric combinations), password expiration, password history, lockout or wipe after a number of incorrect entries, and an inactivity timer for the password. |
| Transmission security | Policies, procedures, and processes must be developed and implemented that prevent unauthorized access to ePHI that is being transmitted over an electronic communications network (e.g., the Internet). | Trust Digital network access control allows only authorized devices to connect via the Internet to CE resources and services. Once a device is connected, ePHI is transmitted over a secure OTA SSL connection. |