HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law enacted in 1996, designed to establish standards and regulations for the protection of individuals' personal health information (PHI). Compliance with HIPAA is crucial for healthcare organizations and their partners to protect sensitive patient information, maintain trust, and avoid legal and financial consequences.

HIPAA § 164.312 (a) Technical Safeguards

| Control Name | ID | Teleport Capability |
|---|---|---|
| Standard: Access control | HIPAA § 164.312 (a) | Teleport implements role-based access control for remote terminals, which is the predominant way healthcare IT professionals access computing infrastructure. This RBAC can be mapped to the administrative safeguards set up pursuant to §164.308. |
| Unique user identification | HIPAA § 164.312 (a)(i) | Teleport integrates with existing identity providers and assigns access permissions based on enterprise single sign-on. Teleport's access auditing and tracking ties directly back to real user identity. |
| Emergency access procedure | HIPAA § 164.312 (a)(ii) | Remote terminals are often the last option available to access server infrastructure in an emergency (other than physically accessing servers). Teleport can make sure your permissions are enforced even during emergency SSH sessions. |
| Automatic logoff | HIPAA § 164.312 (a)(iii) | The Teleport Certificate Authority issues ephemeral certificates that expire after a pre-configured time period, which eliminates the risk of unauthorized access through stale or compromised static access keys. |
| Encryption and decryption | HIPAA § 164.312 (a)(iv) | Teleport is based on encryption technology created by Google. Any session carried through Teleport automatically inherits high-grade end-to-end transport encryption. |

HIPAA § 164.312 (b) Technical Safeguards

| Control Name | ID | Teleport Capability |
|---|---|---|
| Standard: Audit controls | HIPAA § 164.312 (b) | Teleport's SSH bastion automatically records all activity that passes through it, including a detailed audit log with session replay archive available to authorized administrators. |

HIPAA § 164.312 (c) Technical Safeguards

| Control Name | ID | Teleport Capability |
|---|---|---|
| Standard: Integrity | HIPAA § 164.312 (c) | Teleport's SSH implementation ties in with traditional healthcare IT network and storage systems' remote access daemons, bringing audit and recording to an area not traditionally visible to auditors. |
| Mechanism to authenticate electronic protected health information | HIPAA § 164.312 (c)(i) | Off-the-shelf remote file integrity and verification tools such as rsync and tripwire can utilize Teleport for remote access without modification. Your development teams can utilize off-the-shelf open source tooling and scripting techniques to solve complex data validity and integrity challenges. |

HIPAA § 164.312 (d) Technical Safeguards

| Control Name | ID | Teleport Capability |
|---|---|---|
| Standard: Person or entity authentication | HIPAA § 164.312 (d) | Teleport's role-based access control simplifies access procedures by tightly coupling identity with authorization. Access allowance decisions are removed from low-level technology and brought into realms where appropriate administrators have better visibility. |

HIPAA § 164.312 (e) Technical Safeguards

| Control Name | ID | Teleport Capability |
|---|---|---|
| Standard: Transmission security | HIPAA § 164.312 (e) | Teleport uses the secure shell protocol as implemented by Google's security experts and is based on the industry standard for accessing servers via an encrypted connection. |
| Integrity Controls | HIPAA § 164.312 (e)(i) | End-to-end transport encryption as provided by Teleport is a fundamental building block for ensuring the integrity of files sent between locations. |
| Encryption | HIPAA § 164.312 (e)(ii) | Teleport always takes care of transport encryption, allowing you to focus on encryption of protected health data while at rest on endpoint storage. |