Simplifying Zero Trust Security for AWS with Teleport
Jan 23
Virtual
Register Now
Teleport logoTry For Free
Background image
Compliance

Streamlining HIPAA Compliance

What is HIPAA compliance?

HIPAA Logo

HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law enacted in 1996, designed to establish standards and regulations for the protection of individuals' personal health information (PHI). Compliance with HIPAA is crucial for healthcare organizations and their partners to protect sensitive patient information, maintain trust, and avoid legal and financial consequences.

Need HIPAA Help?

Get in touch

Teleport Features for HIPAA Controls

HIPAA § 164.312 (a) Technical Safeguards

Control Name

ID

Teleport Capability

Standard: Access control

HIPAA § 164.312 (a)

Teleport implements role based access control for remote terminals, which is the predominant way health care IT professionals access computing infrastructure. This RBAC can be mapped to the administrative safeguards set up pursuant to §164.308.

Unique user identification

HIPAA § 164.312 (a)(i)

Teleport integrates with existing identity providers and assigns access permissions based on enterprise single sign-on. Teleport's access auditing and tracking ties directly back to real user identity.

Emergency access procedure

HIPAA § 164.312 (a)(ii)

Remote terminals are often the last option available to access server infrastructure in an emergency (other than physically accessing servers). Teleport can make sure your permissions are enforced even during emergency SSH sessions.

Automatic logoff

HIPAA § 164.312 (a)(iii)

The Teleport Certificate Authority issues ephemeral certificates that expire after a pre-configured time period which eliminates the risk of unauthorized access through stale or compromised static access keys.

Encryption and decryption

HIPAA § 164.312 (a)(iv)

Teleport is based on encryption technology created by Google. Any session carried through Teleport automatically inherits high grade end-to-end transport encryption.

HIPAA § 164.312 (b) Technical Safeguards

Control Name

ID

Teleport Capability

Standard: Audit controls

HIPAA § 164.312 (b)

Teleport's SSH bastion automatically records all activity that passes through it, including a detailed audit log with session replay archive available to authorized administrators.

HIPAA § 164.312 (c) Technical Safeguards

Control Name

ID

Teleport Capability

Standard: Integrity

HIPAA § 164.312 (c)

Teleport's SSH implementation ties in with traditional healthcare IT network and storage system's remote access daemons, bringing audit and recording to an area not traditionally visible to auditors.

Mechanism to authenticate electronic protected health information

HIPAA § 164.312 (c)(i)

Off the shell remote file integrity and verification tools such as rsync and tripwire can utilize Teleport for remote access without modification. Your development teams can utilize off-the-shelf open source tooling and scripting techniques to solve complex data validity and integrity challenges.

HIPAA § 164.312 (d) Technical Safeguards

Control Name

ID

Teleport Capability

Standard: Person or entity authentication

HIPAA § 164.312 (d)

Teleport's role-based access control simplifies access procedures by tightly coupling identity with authorization. Access allowance decisions are removed from low-level technology and brought into realms where appropriate administrators have better visibility.

HIPAA § 164.312 (e) Technical Safeguards

Control Name

ID

Teleport Capability

Standard: Transmission security

HIPAA § 164.312 (e)

Teleport uses the secure shell protocol as implemented by Google's security experts and is based on the industry standard for accessing servers via an encrypted connection.

Integrity Controls

HIPAA § 164.312 (e)(i)

End-to-end transport encryption as provided by Teleport is a fundamental building block for ensuring the integrity of files sent between locations.

Encryption

HIPAA § 164.312 (e)(ii)

Teleport always takes care of transport encryption, allowing you to focus on encryption of protected health data while at rest on endpoint storage.

Additional Resources

Blog Post

Securing Infrastructure in Healthcare: Reducing Breaches and Building Resiliency

Webinar

2024 Secure Infrastructure Access Report: Key Insights and Trends

Webinar

Hardening Infrastructure Security Against SSO Identity Provider Compromise

Try Teleport today

In the cloud, self-hosted, or open source.
View developer docs

Get Started
pam