| Standards | Section | Description | Healthy Server Compliance |
| Administrative Safeguards |
| Security Awareness and Training | §164.308(a)(5) | Protection from Malicious Software | Daily scan for viruses and malware |
| Security Incident Procedures | §164.308(a)(6) | Response & Reporting | Automated email notifications of potential viruses and/or malware |
| Contingency Plan | §164.308(a)(7) | Data Backup Plan | Daily Onsite Backup, Daily Offsite Backup and Carroll-Net Datacenter Archive |
| | | Disaster Recovery Plan | Healthy Service provides two recovery options: 1) onsite, directly from the Healthy Server, and 2) recovery from the Carroll-Net Datacenter Archive |
| | | Emergency Mode Operating Plan | All security procedures automatically stay in effect regardless of size or scope of disaster |
| | | Testing & Revision Procedures | Customers can choose to perform test restores as frequently as their procedures require |
| | | Application & Data Criticality Analysis | Daily Backup Status Reports and Backup Job Detail Reports |
| Business Associate Contract | §164.308(a)(8) | Written Contract | Healthy Server Business Associate Agreement |
| Physical Safeguards |
| Workstation Security | §164.310(c) | | LoJack for Theft Recovery and Logic Bomb to destroy stolen patient records |
| Device and Media Controls | §164.310(d)(1) | Disposal, Media Re-use | All equipment returned to Carroll-Net at end of contract goes through a careful wipe down and erasure to ensure complete data destruction |
| Technical Safeguards |
| Access Control | §164.312(a)(1) | Unique User Identification | Each Carroll-Net Backup Engineer is assigned their own login which is tightly controlled and logged |
| | | Emergency Access Procedure | Emergency Access is limited to designated personnel at the customer’s facility or their previously authorized IT professionals |
| Audit Controls | §164.312(b) | | Daily backup jobs log their actions. Designated customer personnel have access to their logs |
| Integrity | §164.312(c)(1) | Mechanism to confirm the integrity of data | Healthy Server software performs an automatic MD4 cryptographic hash of customer records and compares this signature to confirm the integrity of the information |
| Person or Entity Authentication | §164.312(d) | | Each Carroll-Net engineer is assigned their own username and password, and each Healthy Server has its own VPN username and password |
| Transmission Security | §164.312(e)(1) | Integrity Controls | Healthy Server software uses block level and file level checksums to ensure data integrity of all transmissions |
| | | Encryption | Healthy Server transmissions are encrypted using 1024-bit SSL |
| Organizational Requirements |
| Business Associate Contract | §164.314(a) | Business Associate Contracts | Healthy Server Business Associate Agreement |