HIPAA (Health Insurance Portability and Accountability Act) is a U.S. federal law enacted in 1996. HIPAA was designed to establish standards and regulations for the protection of individuals' personal health information (PHI) and to ensure the privacy and security of that information. Compliance with HIPAA is crucial for healthcare organizations and their partners to protect sensitive patient information, maintain trust, and avoid legal and financial consequences. Achieving HIPAA compliance for cloud infrastructure requires a systematic approach and adherence to specific guidelines. Here are a few of the primary focus areas involved in achieving HIPAA compliance:

- Reduce overhead with Teleport's infrastructure auto-discovery and SSO integration for automated onboarding and offboarding of employees.
- Go beyond the minimum requirements with Teleport's built-in security controls, including multi-factor authentication, role-based access controls, and session recording.
- Continuously monitor with Teleport's audit log and session recording capabilities, providing a complete record of all user activity.

HIPAA § 164.312 Technical Safeguards | How Teleport Helps Compliance |
---|---|
(a) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4). | Teleport implements role-based access control for remote terminals, which is the predominant way health care IT professionals access computing infrastructure. This RBAC can be mapped to the administrative safeguards set up pursuant to § 164.308. |
(i) Unique user identification. Assign a unique name and/or number for identifying and tracking user identity. | Teleport integrates with existing identity providers and assigns access permissions based on enterprise single sign-on. Teleport's access auditing and tracking ties directly back to real user identity. |
(ii) Emergency access procedure. Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency. | Remote terminals are often the last option available to access server infrastructure in an emergency (other than physically accessing servers). Teleport can make sure your permissions are enforced even during emergency SSH sessions. |
(iii) Automatic logoff. Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. | The Teleport Certificate Authority issues ephemeral certificates that expire after a pre-configured time period, which eliminates the risk of unauthorized access through stale or compromised static access keys. |
(iv) Encryption and decryption. Implement a mechanism to encrypt and decrypt electronic protected health information. | Teleport is based on encryption technology created by Google. Any session carried through Teleport automatically inherits high-grade end-to-end transport encryption. |
(b) Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. | Teleport's SSH bastion automatically records all activity that passes through it, including a detailed audit log with session replay archive available to authorized administrators. |
(c) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. | Teleport's SSH implementation ties in with the remote access daemons of traditional healthcare IT network and storage systems, bringing audit and recording to an area not traditionally visible to auditors. |
(i) Mechanism to authenticate electronic protected health information. Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. | Off-the-shelf remote file integrity and verification tools such as rsync and tripwire can utilize Teleport for remote access without modification. Your development teams can utilize off-the-shelf open source tooling and scripting techniques to solve complex data validity and integrity challenges. |
(d) Standard: Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. | Teleport's role-based access control simplifies access procedures by tightly coupling identity with authorization. Access allowance decisions are removed from low-level technology and brought into realms where appropriate administrators have better visibility. |
(e) Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. | Teleport uses the secure shell protocol as implemented by Google's security experts and is based on the industry standard for accessing servers via an encrypted connection. |
(i) Integrity controls. Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. | End-to-end transport encryption as provided by Teleport is a fundamental building block for ensuring the integrity of files sent between locations. |
(ii) Encryption. Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. | Teleport always takes care of transport encryption, allowing you to focus on encryption of protected health data while at rest on endpoint storage. |