|Subject:||SynaMan HIPAA Checklist|
|Creation date:||11/18/21 2:18 PM|
|Last modified on:||11/22/21 12:37 PM|
If your SynaMan operates in a Healthcare environment, you must be following all HIPAA guidelines. This document will serve as a checklist to ensure that SynaMan stays within its regulations. There are two rules in HIPAA that you need to be aware of:
These rules require appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronically protected health information. They are in place to ensure that patients have control over their personal healthcare information.
First, it is important that, outside of SynaMan, the machines which contain the personal information of your patients or clients must be secure. The ONC has created a tool that will allow you to check the security of your machines, and give you some idea as to how to better secure them. You can read more about this tool and download it on their page here.
It is recommended that you install this tool and follow it to better protect your environment.
Within SynaMan itself, there are many features you can utilize to assist you in staying within the requirements of HIPAA.
Encrypting data is a great mechanism to use when you need to ensure the confidentiality of data stored on your SynaMan server. At-Rest Encryption encrypts files that are uploaded using SynaMan's web interface. These files are automatically decrypted right before they are downloaded from the web interface. You can read more about this feature here.
It is good practice to use HTTPS rather than HTTP for both your SynaMan and public links. This is strongly encouraged to provide enhanced security against man-in-the-middle attacks. If you need to have HTTP open as well, you can force SynaMan to send public links over HTTPS from the advanced options section of the admin console.
SynaMan can use Email to send public reports to recipients. It offers two methods of securing these communication channels, STARTTLS and SSL. By using these secure connections you can ensure that the emails sent containing public links are secured.
The AuditTrail.log file is an audit trail of anything connected to your SynaMan, including recipient downloads. It will contain the full list of web portal account logins, the machines they logged in from or sent public links from, including the files they requested or sent. In the event that you believe your SynaMan server or a user account might be compromised, this log will contain any information possible to identify the culprit.
In addition to being able to find potential breaches, it is good practice to schedule frequent reviewing of this log to ensure that there are no issues.
Admin access to the web portal should also be restricted. You can restrict the admin account access to localhost within the SynaMan admin console by checking the box for Restrict Admin Access to Localhost under Security Configuration. However, if your machine is not able to be physically accessed, you will need to secure access to the machine elsewhere.
In addition to restricting admin access, you should also restrict user access. With SynaMan, the only users that should have direct access to the web portal are only those that need to directly send or receive data.
SynaMan has the ability to require users to use strong passwords as well as two-factor authentication. Although this is not directly mentioned in HIPAA guidelines, it is an additional layer of security that will help you maintain the privacy of data.
By utilizing the above features you can ensure that your use of SynaMan falls within HIPAA regulations. However, it is also important to be familiar with these regulations so that you can keep the environment outside of SynaMan within the guidelines as well. You can read more about HIPAA and its requirements here.