HIPAA Managed Policies

Securing the infrastructure, network, and hosting environment using best practices for HIPAA compliance is a vital part of Cartika's ongoing policy of providing a HIPAA compliant platform for your business or organization.

DATACENTERS & PHYSICAL ACCESS SECURITY

  • Full CCTV surveillance is in use, backed by digital recording on file, along with intrusion detection systems to prevent unauthorized electronic access
  • Each datacenter offers onsite staff 24x7 - providing additional protection against unauthorized entry
  • Locking cages/cabinets, and DC retains all keys (verified check in/check out)
  • SAS-70 Type II audited datacenter infrastructure

HIPAA MANAGED OPERATION SECURITY

  • HIPAA privacy and security officer creates staff policies, documentation, and security policies
  • HIPAA security team tasked with oversight of the HIPAA security programs
  • HIPAA privacy officer tasked with oversight of HIPAA managed infrastructure solution
  • HIPAA program is in place, with documented security policies, standards and procedures
  • Third party HIPAA auditing checklist of your managed infrastructure solution on deployment
  • Third party HIPAA auditing checklist of your managed solution on hardware changes
  • Third party HIPAA auditing checklist of your managed infrastructure solution as required
  • Third party HIPAA Training, Testing, and Certification is required for all staff
  • HIPAA policies and procedures are disseminated to all staff
  • HIPAA documented policies and procedures for system administration and network management
  • HIPAA documented policies regarding the secure disposal of media/data
  • HIPAA Business Associate contracts
  • Private/Secure repository (each client) for documentation, audit reports, incident reports/follow-ups, and BA contracts
  • All technical staff are trained/instructed how to detect and/or respond to HIPAA security incidents, breaches, and technical malfunctions with full documentation and notification procedures in place
  • All staff are required to sign confidentiality agreements
  • Managed, secured backups, accessible only over the LAN, for all HIPAA data
  • Each staff member has unique passwords and authentication parameters to our infrastructure through VPN access
  • Each staff member has unique passwords and authentication parameters to our infrastructure through AD/LDAP
  • Staff cannot change their own encrypted passwords for network access
  • Network and physical alerts are generated by our systems for all HIPAA environments
  • Change controls/procedures are fully documented internally

INTRUSION PROTECTION AND PATCHING

  • Hardware Firewalls at core levels
  • Private hardware firewalls for each managed HIPAA solution
  • Software firewalls in each HIPAA managed environment
  • Formal patch management, notification, approval, and rollback systems are in place for production changes
  • Commercial, third party, and proprietary anti-virus and malware tools, with scans performed daily and notifications generated and ticketed
  • Private managed logging server provided with each HIPAA solution
  • Server patching through commercial automated solutions and proprietary systems