Subject: Syncrify HIPAA Checklist
Creation date: 11/15/21 11:55 AM
Last modified on: 11/18/21 2:17 PM
If your Syncrify installation operates in a healthcare environment, you must follow all HIPAA guidelines. This document serves as a checklist to ensure that your use of Syncrify stays within those regulations. There are two rules in HIPAA that you need to be aware of:
These rules require appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. They are in place to ensure that patients have control over their personal healthcare information.
The most important requirement is that the machine containing personal information of your clients must be secure. The ONC has created a tool that will allow you to check the security of your machines, and give you some idea as to how to better secure them. You can read more about this tool and download it on their page here.
It is recommended that you install this tool and follow it in order to better protect your environment.
Within Syncrify itself, there are many features you can utilize to assist you in staying within the requirements of HIPAA.
In Syncrify, there is an option for encryption from within the client GUI. By utilizing this feature, you ensure that only the people and machines who have access to the source data of the patient can see the data. The data is encrypted on the client-side before transmitting over the network to the backup repository. You can read more about this feature here.
Syncrify uses email to send daily backup reports to administrators as well as backup reports to users. It offers two methods of securing these communication channels: STARTTLS and SSL. By using these secure connections, you ensure that the email reports, which contain lists of backed-up files, are protected in transit.
The AuditTrail.log file is an audit trail of anything connected to your Syncrify server, including the clients. It contains the full list of web portal account logins, the machines they logged in from, and client machine logins. If you believe a Syncrify client machine might be compromised, or that the web portal has been breached, this log will contain any available information that can help identify the culprit.
In addition to using the log to investigate potential breaches, it is good practice to schedule frequent reviews of it to ensure that there are no issues.
Admin access to the web portal should also be restricted. You can restrict admin account access to localhost within the Syncrify admin console by checking the box for Restrict Admin Access to Localhost under Security Configuration. However, if the machine cannot be physically accessed, you will need to secure access to it by other means.
In addition to restricting admin access, you should also restrict client machine access. This is mostly done outside of Syncrify, by ensuring that only authorized individuals have access to machines with Syncrify Clients. However, with the ISP branding feature, you can also password-protect the Syncrify Client itself so that no one other than administrators can open or modify the client profiles.
By utilizing the above features, you can ensure that your use of Syncrify and Syncrify Client falls within HIPAA regulations. However, it is also important to be familiar with these regulations so that you can keep the environment outside of Syncrify within the guidelines as well. You can read more about HIPAA and its requirements here.