Virtual Psychology HIPAA Complaince
VP provides its users with a HIPAA compliant computing environment.
VP HIPAA compliance checklist:
- Logging and auditing db access only by authorized users.
- Staff HIPAA guidelines education
- Data encryption in transition and in reset (vp dbs and emails)
- Backup and recovery plans.
- BAA - signed with the infrastructure providers (GCP, Workspace, and Mailgun).
Discover Sensitive Data; Monitor Data Usage; Manage User Access; Mask Data.
• Discovering where sensitive data lives—in the cloud and on-premises. The first step in protecting data is knowing where an organization’s sensitive data is. Automated discovery and classification are the only reliable way to routinely and consistently discover and classify new or modified database instances containing sensitive data.
• Monitoring data usage activity across a broad range of data stores. While databases are a prime target for criminals, sensitive data exists in many types of systems–databases, Big Data platforms, Workspace portals, and file stores. And this data lives both in the cloud and on-premises.
• Managing user access. Attackers look for easy opportunities to access sensitive data. They target privileged user accounts, users with excessive access rights, and dormant user accounts. To limit lateral movement of attackers and reduce the risk of a data breach, healthcare organizations must proactively monitor privileged users, identify users who have excessive privileges, and deactivate dormant user accounts.
• Masking data in non-production environments. Data masking reduces the attack surface by eliminating sensitive data in non-production
environments. Rather than creating copies of sensitive data for test and development teams or for market research purposes, healthcare organizations can enable these groups by replacing sensitive data with realistic, fictional data.
* HIPAA Compliance on Google Cloud Platform - https://cloud.google.com/security/compliance/hipaa
* HIPAA Compliance with Google Workspace and Cloud Identity - https://support.google.com/a/answer/3407054?hl=en
* Mailgun HIPAA Business Associate Addendum - https://www.mailgun.com/hipaa-baa/