Helping a company comply with HIPAA
-
@larsen161 said:
, laptops that have no encryption or security on them, etc.
FYI, there is no requirement for encryption. That specific measure is addressable. In other words, they could say that they keep no medical data on laptops, therefore they don't need the laptops to be encrypted.. but it's even easier than that.. they could say that the laptops never leave the building.. therefore encryption isn't needed. Of course that doesn't help them in cases where it's stolen, so at that point they would have a breach, but they wouldn't be in violation of the law.
just subject to the breach requirements. -
@larsen161 said:
@DustinB3403 sure, that was the obvious first site but I'm looking for a more practical site that more specifically applies directly to IT as well as real user experience in the implementation of it.
If you find one, I'd love to see it.
-
@larsen161 the website has a lot of technical documentation for businesses and outlines how a business should go about becoming HIPAA compliant and maintaining that compliance.
I'd be wary of trusting outside sources, for the very reason of what if HIPAA changes the criteria.
-
@DustinB3403 Thanks, I'll take a closer look
-
@Dashrender they are all field workers so laptops are never even in an office - they don't even have one. from what I've seen so far that data is on laptops so either a change in procedure or encryption may be useful if left as is.
-
@larsen161 Or you setup a policy that no data is on the laptop and configure VDI, using a VPN and RDP.
2FA with basic AD information would likely go a long ways as well.
-
As Dustin mentioned - just don't have any local data, then you have no worries. It would be awesome if you could just use somethign like a Chromebook. all web all the time.
-
@Dashrender well chromebooks do have local storage but they are encrypted by default and with Apps for Work there's the ability to disable some of the Drive sync abilities to limit storage on local devices.
Some staff are currently using Dell Inspiron laptops from ~5 yrs ago so it's definitely time for an update.
-
They could do their own storage on ownCloud for pretty cheap. I don't know their needs but often you can do that for $20/mo or so. That's total, not per user. Use encrypted partition(s) for the data and make sure you are encrypted on the front end with SSL and you are in pretty good shape.
-
@Dashrender said:
As Dustin mentioned - just don't have any local data, then you have no worries. It would be awesome if you could just use somethign like a Chromebook. all web all the time.
Yeah, this is often a very good way to go.