GateKeeper is widely used for automated HIPAA compliance by many healthcare practitioners.
The Health Insurance Portability and Accountability Act (HIPAA) provides guidelines for privacy standards to protect patients' private medical records and other health information through technology and process. It applies to healthcare providers and Business Associates (BA) working with confidential patient information. GateKeeper helps IT directors meet HIPAA compliance through authentication and auditing automation rather than people-dependent technology.
|Section||Key Activity||Criteria||GateKeeper Solution|
|164.306(b)||Flexibility of Approach||(1) Covered entities and business associates may use any security measures that allow the covered entity or business associate to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart. (2) In deciding which security measures to use, a covered entity or business associate must take into account the following factors: (i) The size, complexity, and capabilities of the covered entity or business associate. (ii) The covered entity's or the business associate's technical infrastructure, hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability and criticality of potential risks to electronic protected health information.||GateKeeper increases security and decreases complexity for the covered entity by providing an automatic mechanism that locks a workstation when a user is no longer in proximity. A user does not have to manually lock their workstation when they are no longer present. This security mechanism decreases the potential risks to ePHI.|
|Security Awareness, Training, and Tools -- Log-in Monitoring||Procedures for monitoring log-in attempts and reporting discrepancies.||GateKeeper Enterprise provides auditing and monitoring of all login events.|
|164.310(c)||Workstation Security||Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.||GateKeeper provides a mechanism to automatically prevent unauthorized access to unattended computers.|
|-- Unique User Identification||Assign a unique name and/or number for identifying and tracking user identity.||Each GateKeeper token address is associated with a user identity. Users can be identified and tracked by the hardware dongle identifier.|
|-- Automatic Logoff||Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.||Combined with an organization's group policy for automatic logoff, GateKeeper provides an additional layer of access control by automatically locking a workstation when a user is no longer in proximity.|
|164.312(b)||Audit Controls||Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.||GateKeeper audits user login activity within the enterprise platform.|
|164.312(d)||Person or Entity Authentication||Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.||GateKeeper uses a hardware token associated with an Active Directory account to create a multi-factor authentication (MFA) system.|
For any additional questions or concerns regarding securing PHI, proximity settings, computer locking, credential management, HIPAA compliance, or 2FA/MFA, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email firstname.lastname@example.org.