Vault America Cloud Storage services fulfill the requirements of the Health Information Portability & Accountability Act (HIPAA), including data integrity, authentication, contingency planning, and access and audit controls as they relate to electronic Protected Health Information.
HIPAA SECTIONS | VAULT AMERICA SOLUTION |
---|---|
Contingency Plan | |
HIPAA Section 164.308(a)(7)(i) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information. |
Vault America Cloud Storage provides comprehensive backup and offsite protection of internal or remote servers. In the event of an emergency, disaster, or other outage, exact copies of your data are recoverable quickly and easily via a web-based central administrator or mobile vault for larger volumes. |
HIPAA Section 164.308(a)(7)(ii) Implementation specifications: (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data. |
In addition, Vault America offers data replication to another world-class datacenter facility. Ensuring expedient recovery, Vault America Could Storage simplifies the process of disaster recovery planning as an all-in-one, backup and offsite solution. |
Access Controls | |
HIPAA Section 164.312(a)(1) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4). |
The Vault America solution restricts user access via an authorized user name and password. Information is backed up in an encrypted state and remains encrypted while stored. Only authorized personnel on the client-side have the key to decrypt the data; Vault America never has access to your passwords or encryption key. |
Audit Controls | |
HIPAA Section 164.312(b) Standard: Audit controls. Implement hardware, software, and/ or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. |
The Vault America solution automatically creates a comprehensive audit trail of all backups and restores. Logs can be generated in multiple levels of detail and retained according to client needs. |
Data Integrity | |
HIPAA Section 164.312(c)(1) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. |
The Vault America solution provides a digital signature verification check to ensure what was sent is what was received at the vault. In addition, once data is backed up with your defined retention schedule, it cannot be mistakenly overwritten or removed. |
HIPAA Section 164.312(c)(2) Implementation specifications. Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. |
All of Vault America’s datacenters are secure, state-of-the-art facilities, equipped with redundant power and telecommunication supplies, climate controls, and fire suppression systems. Industry-leading 256-bit AES encryption is available so data is never in a decyphered state until decrypted at the client-side. |
Authentication | |
HIPAA Section 164.312(d) Standard: Person or entity authentification. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. |
The Vault America solution restricts user access via an authorized user name and password. Information is backed up in an encrypted state and remains encrypted while stored. Only authorized personnel on the client-side have the key to decrypt the data; Vault America never has access to your passwords or encryption key. |