Pro HIPAA Considerations
The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, requires all organizations that maintain or transmit electronic healthcare information to establish and implement certain administrative, physical, and technical safeguards to keep that information safe from unauthorized access.
The Department of Health & Human Services has issued specific rules to enforce the act, namely the HIPAA Security Standards published in the Federal Register on February 20, 2003 (45 CFR Parts 160, 162 and 164 Health Insurance Reform: Security Standards, Final Rule).
These rules include Technical Safeguards that apply to covered entities that use remote access products to maintain or transmit electronic healthcare information. To view the HIPAA rules in their entirety, visit the Health Information Privacy page of the U.S. Department of Health and Human Services website at www.hhs.gov/ocr/privacy/, or go directly to the Security Standards: Technical Standards document.
About this Document
This publication provides a brief introduction to the scope of HIPAA compliance with regard to remote access products (including Pro and Central) and support and collaboration products (including Rescue).
Section A outlines key background information needed to understand the scope of HIPAA compliance with regard to remote access products.
Section B outlines the HIPAA rules’ Technical Safeguards (see § 164.312), which apply to remote access products used by entities subject to HIPAA compliance.
Sections C through H demonstrate how GoTo helps organizations adhere to, meet, or exceed these safeguards.
When relevant, this document also covers LogMeIn Files, a cloud storage feature provided with Pro.
- HIPAA Section A – Background information on HIPAA Rules
- HIPAA Section B – HIPAA Technical Safeguards § 164.312
- HIPAA Section C – Access Control § 164.312(a)(1)
- HIPAA Section D – Audit Controls § 164.312(b)
- HIPAA Section E – Integrity policies and procedures, § 164.312(c)(1)
- HIPAA Section F – Integrity mechanism, § 164.312(c)(2)
- HIPAA Section G – Person or Entity Authentication § 164.312(d)
- HIPAA Section H.1 – Transmission Security § 164.312(e)(1)
- HIPAA Section H.2 – Transmission Security § 164.312(e)(1) Integrity Controls
- HIPAA Section H.3 – Transmission Security, Encryption § 164.312(e)(1)