Virtual Psychology HIPAA Complaince

<< Click to Display Table of Contents >>

Navigation:  »No topics above this level«

Virtual Psychology HIPAA Complaince

 Previous pageReturn to chapter overviewNext page

VP provides its users with a HIPAA compliant computing environment.

VP HIPAA compliance checklist:

Logging and auditing db access only by authorized users.

Staff HIPAA guidelines education.

Data encryption in transition and in reset (vp dbs and emails).

Backup and recovery plans.

Secured encrypted email system.

 

IMPORTANT: If you believe your account with us has been compromised in any way, you should immediately contact the VP security officer at security@virtualpsychology.com.

 

VP conduct regular security monitoring to discover sensitive data, data usage, manage user access privilege, and masking data.

• Discovering where sensitive data lives—in the cloud and on-premises. The first step in protecting data is knowing where an organization’s sensitive data is. Automated discovery and classification are the only reliable way to routinely and consistently discover and classify new or modified database instances containing sensitive data.

• Monitoring data usage activity across a broad range of data stores. While databases are a prime target for criminals, sensitive data exists in many types of systems–databases, Big Data platforms, Workspace portals, and file stores. And this data lives both in the cloud and on-premises.

• Managing user access. Attackers look for easy opportunities to access sensitive data. They target privileged user accounts, users with excessive access rights, and dormant user accounts. To limit lateral movement of attackers and reduce the risk of a data breach, healthcare organizations must proactively monitor privileged users, identify users who have excessive privileges, and deactivate dormant user accounts.

• Masking data in non-production environments. Data masking reduces the attack surface by eliminating sensitive data in non-production

environments. Rather than creating copies of sensitive data for test and development teams or for market research purposes, healthcare organizations can enable these groups by replacing sensitive data with realistic, fictional data.

 

Virtual Psychology signed BAA (Business Associate Agrement) with its infrastructure providers (GCP, Workspace, and Mailgun).

HIPAA Compliance on GCP - https://cloud.google.com/security/compliance/hipaa

HIPAA Compliance with Workspace and Cloud Identity - https://support.google.com/a/answer/3407054?hl=en

Mailgun HIPAA Business Associate Addendum - https://www.mailgun.com/hipaa-baa/