About HIPAA HITECH
The HIPAA HITECH Act expands the scope of privacy and security protections available under HIPAA, due to the growing amount of electronic protected health information (ePHI). The HIPAA HITECH Act mandates no unauthorized acquisition, access, use or disclosure of protected health information.
We manage your HIPAA HITECH Compliant Platforms so you don’t have to.
Securing patient data, maintaining HIPAA compliance and integrating a network of service providers and payers in a cost-effective manner are no easy tasks. But with HIPAA HITECH security breaches costing U.S. healthcare organizations more than $6 billion in direct costs each year, you can’t afford to be caught unprotected.
Concerto Cloud Services works with healthcare organizations of many types, from providers and payers to biotech, to deliver a cost-effective and secure IT platform. By unifying applications and data across your healthcare organization with a fully-managed cloud platform, your organization can be protected from costly data breaches and downtime.
A Layered Approach to Data Security
Concerto’s fully-managed services leverage various technologies, services and strict processes to create a layered security posture that aligns with current HIPAA HITECH best practices. Our experts can quickly help your organization adapt to new security practices and compliance requirements – all at a price point and speed of deployment that makes our platforms an easy choice.
All Concerto cloud environments come with powerful state-of-the-art security features and are monitored and managed around the clock. However, healthcare organizations can receive additional managed services that are pre-developed to meet and exceed HIPAA HITECH requirements.
Concerto Cloud Services Security Overview
- Centralized and automated anti-malware and OS patching
- Identity Management
- True network segmentation and isolation from ingress to egress
- Data in-motion encryption by default
- Multiple firewall segments operating at layers 1-7 of the OSI stack
- State-of-the-art IDPS solution monitored and managed 24x7 by a dedicated security operations center
- Reverse Proxy services
- “Other” proprietary security mechanisms and practices
- Intelligent, multi-point syslog solution
- AES-256 Encryption
- FIPS 140-2
- Keys Stored Separately
Enhanced Security Package:
- SIEM (Security Information and Event Management) Encryption
- Syslog (Logging)
- Two-factor authentication
- Encryption (Required for many regulatory requirements such as FIPS 140-2, HIPAA, and more)
- One Vulnerability and Penetration Test per year, with a report to the customer of the findings
- Additional vulnerability or penetration tests
- Additional storage for retention of logging files
*Any enhanced security item can be added individually.
*HIPAA is a set of privacy and security rules that are imposed on healthcare providers (“covered entities”) for the use and disclosure of protected health information. HIPAA is not applicable to the sale of a license for commercial applications or services. Concerto Cloud Services is not in and of itself “HIPAA compliant” and there is no official certification available to deem any platform or software “HIPAA compliant.” It is up to the customer to determine if their contemplated use of their applications and associated business processes will meet the statutory obligations imposed on them as a covered entity.