

HIPAA Compliance

We've made understanding HIPAA easy and straightforward. The table below presents the statutory regulations organizations are required to comply with, and how Prestwood Data Services backup solutions help achieve these goals.

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. As the industry adopts these standards, the efficiency and effectiveness of the nation's health care system will improve through the use of electronic data interchange.

Statutory Compliance and Specification

| Federal Regulation Section* | Standard | Implementation Specification | Prestwood Solution |
|---|---|---|---|
| 164.308(a)(1)(ii)(B) | Risk Management (R) | Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a). | 1, 2 |
| 164.308(a)(3)(i) | Workforce Security (R) | Implement policies and procedures to ensure that all members of its workforce have appropriate access to ePHI, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to ePHI. | 3 |
| 164.308(a)(3)(ii)(C) | Termination Procedures (A) | Implement procedures for terminating access to ePHI when the employment of a workforce member ends or as required by determinations made as specified in paragraph (a)(3)(ii)(B) of this section. | 3, 5 |
| 164.308(a)(7)(i) | Contingency Plan (R) | Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain ePHI. | 1 |
| 164.308(a)(7)(ii)(A) | Data Backup Plan (R) | Establish and implement procedures to create and maintain retrievable exact copies of ePHI. | 1, 4, 6 |
| 164.308(a)(7)(ii)(B) | Disaster Recovery Plan (R) | Establish (and implement as needed) procedures to restore any loss of data. | 1, 4, 6 |
| 164.310(a)(1) | Facility Access Controls (R) | Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed. | 3, 5 |
| 164.310(d)(2)(iv) | Data Backup and Storage (A) | Implement policies and procedures to create a retrievable, exact copy of ePHI, when needed, before movement of equipment. | 1, 4 |
| 164.312(a)(1) | Access Control (R) | Implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4). | 2, 3, 5 |
| 164.312(b) | Audit Controls (R) | Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. | 1, 4 |
| 164.312(e)(1) | Transmission Security (R) | Implement technical security measures to guard against unauthorized access to ePHI that is being transmitted over an electronic communications network. | 2, 3 |
| 164.312(e)(2)(ii) | Encryption (A) | Implement a mechanism to encrypt ePHI whenever deemed appropriate. | 2, 3 |
| 164.312(c)(1) | Integrity (R) | Implement policies to protect ePHI from improper alteration or destruction. | 1, 4, 6 |
| 164.312(c)(2) | Mechanism to Authenticate Electronic PHI (A) | Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. | 1, 3, 7 |
| 164.312(d) | Person or Entity Authentication (R) | Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed. | 3, 5 |

*From 45 CFR Parts 160, 162, and 164, Health Insurance Reform: Security Standards; Final Rule

Prestwood Solutions

  1. Organizations serious about implementing effective backup solutions are turning to Prestwood Data Services to address HIPAA compliance concerns. Prestwood's remote backup solution addresses many of the shortcomings of legacy tape-based solutions. Testing, changing and transporting tapes offsite are eliminated, mitigating potential risk to your organization. With Prestwood Remote Backup, data is encrypted and automatically sent over the internet to remote servers without any human interaction. Servers are managed and maintained by a professional IT staff. Third-party file management and file deletion maintains the integrity of your data and makes accidental or malicious deletion of your data files and backups impossible. This adds a critical layer of protection and is far superior to services that allow deletion of the backup by any user.
  2. Data is compressed and encrypted on the client's computer prior to transmission, sent over the internet through the HTTPS port, and stored encrypted on the servers.
  3. The Prestwood Remote Backup software generates a unique encryption key during installation. The user has two options for managing their unique encryption key.
    1. The software automatically creates a copy of the key and securely forwards it to Prestwood Data Services for backup. Prestwood Data Services creates two backup copies of the key. One copy is stored off-site in a Prestwood Data Services vault. The second copy of the key is sent to the user for their personal storage and use. (This is the default.)
    2. The Prestwood Remote Backup software generates a unique encryption key during installation. A copy of the key is automatically forwarded to Prestwood Data Services for backup. Prestwood Data Services creates a single copy of the key. That key is sent to the user for their personal storage and use, but after confirming receipt of the key, Prestwood Data Services permanently deletes all copies of the key. Please note: this option places sole responsibility for the encryption key on the user. Prestwood Data Services will have no means of producing the encryption key following its deletion. This option requires signing a release instructing Prestwood Data Services to destroy the key.
  4. The auditing feature is a unique and absolutely critical function offered by Prestwood Data Services to ensure that a client's backup protocol is HIPAA compliant. A simple text file displaying an application tree and the data files associated with those applications is sent to Prestwood Data Services to ensure that all the files that were meant to be backed up are appropriately tagged. A Prestwood Data Services IT professional will alert the client and help them take appropriate action if the audit reveals data files that have not been tagged, or have been untagged, for backup.
  5. To protect your mission-critical data, Prestwood Data Services houses their servers in a SAS 70 Type II data center operated and owned by Latisys. Latisys maintains a tight multi-layered security system including electronic motion sensors, providing continuous interior and exterior observation and 30-day retained storage of video surveillance. The building's single entry point is outfitted with sophisticated security sensors, vandal-resistant and bullet-proof glass, full biometric hand scanning and CircleLock mantraps. Armed guards monitor the data center 24/7/365.
  6. All Prestwood Data Services storage servers are set up with fault-tolerant RAID arrays and are configured to replicate all client data across the servers. Each server contains redundant cooling and power supply systems.
  7. The Remote Backup software allows clients to set the number of revisions stored on the servers. Prestwood requires clients to provide written consent to delete any data on the servers; a user does not have administration rights.