product icon

Pro HIPAA Considerations

    The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, requires all organizations that maintain or transmit electronic healthcare information to establish and implement certain administrative, physical, and technical safeguards to keep that information safe from unauthorized access.

    The Department of Health & Human Services has issued specific rules to enforce the act, namely the HIPAA Security Standards published in the Federal Register on February 20, 2003 (45 CFR Parts 160, 162 and 164 Health Insurance Reform: Security Standards, Final Rule).

    These rules include Technical Safeguards that apply to covered entities that use remote access products to maintain or transmit electronic healthcare information. To view the HIPAA rules in their entirety, visit the Health Information Privacy page of the U.S. Department of Health and Human Services website at www.hhs.gov/ocr/privacy/, or go directly to the Security Standards: Technical Standards document.

    About this Document

    This publication provides a brief introduction to the scope of HIPAA compliance with regard to remote access products (including Pro and Central) and support and collaboration products (including Rescue).

    Section A outlines key background information needed to understand the scope of HIPAA compliance with regard to remote access products.

    Section B outlines the HIPAA rules’ Technical Safeguards (see § 164.312), which apply to remote access products used by entities subject to HIPAA compliance.

    Sections C through H demonstrate how GoTo helps organizations adhere to, meet, or exceed these safeguards.

    When relevant, this document also covers LogMeIn Files, a cloud storage feature provided with Pro.

    Important: The information contained in this document is provided to you "AS IS" and does not constitute legal advice or an opinion regarding GoTo's HIPAA compliance. GoTo makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained in or referenced in this document. GoTo recommends that you seek the advice of competent legal counsel before relying on any of the statements contained in this document.

      In this section:

    1. HIPAA Section A – Background information on HIPAA Rules
    2. HIPAA Section B – HIPAA Technical Safeguards § 164.312
    3. HIPAA Section C – Access Control § 164.312(a)(1)
    4. HIPAA Section D – Audit Controls § 164.312(b)
    5. HIPAA Section E – Integrity policies and procedures, § 164.312(c)(1)
    6. HIPAA Section F – Integrity mechanism, § 164.312(c)(2)
    7. HIPAA Section G – Person or Entity Authentication§ 164.312(d)
    8. HIPAA Section H.1 – Transmission Security § 164.312(e)(1)
    9. HIPAA Section H.2 – Transmission Security § 164.312(e)(1) Integrity Controls
    10. HIPAA Section H.3 – Transmission Security, Encryption § 164.312(e)(1)