I am doing some research on whether or not Comodo One MSP software is HIPAA compliant. Any other info on MSP compliancy with HIPAA or good guides to become compliant are welcomed.
Is Comodo One HIPAA compliant?
-
That is a very complicated question. I'm generalizing, so please don't try to pick this apart for flaws, and FYI, I'm not a lawyer, I'm not trying to interpret laws and give you advice in a legal capacity. Dealing with doctors means you have to deal with HIPAA, HITECH, the new Omnibus rule and whatever state level regulations you might have. You as a BA to your doctor's office have a responsibility to ensure that you are compliant with all regulations that a doctor must comply with. I recommend that you look at your policies and procedures to determine if you are accessing ePHI in a manner that is HIPAA compliant. If you aren't following the regs, it doesn't matter whether or not the tool is compliant. However, assuming you have covered your bases, I think it is a fair question. It comes down to information access: Does the One Platform have access to ePHI? The answer is maybe. If you are using the Acronis backup, the answer is yes. Valkyrie, probably. The RMM and remote access tools are a definite maybe.
I would boil it down into a couple of questions:
1) Do any of the Comodo agents have the capacity to take data off of these machines? If so, is it encrypted and is there an audit trail?
2) Is the Remote viewer encrypted (covering data in transit rules)? Is there or will there be an audit trail for accessing machines?
3) If it is determined that the Comodo One platform has the potential to “create, maintain, transfer or receive” PHI, then there should be a process put in place to sign a BA agreement. Does that process exist?
Josh
- 2 likes
-
Hi jtlogic
Your questions are too complicated to answer in a forum post since we won't be able to get and provide complete information, which might lead to inaccurate answers. If you're really interested, we could ask someone from our Sales and Marketing team to contact you to answer all your queries and possibly set up a demo for you. You may contact our sales department via sales@comodo.com.
-
Set up a demo? I already use Comodo One MSP, I want to know if the RMM software is HIPAA compliant such as the remote feature, the data stored like umm, customer info, machine info etc, if it is secure on Comodo's side. What is complicated about that?
-
jtlogic easterntech50 @hm geekpoint RTT,
HIPAA compliancy would not apply to the Comodo ONE Platform itself since we are not storing any HIPAA related PI data. So, each MSP should review their processes to be sure they are compliant with HIPAA in their operation, including Comodo ONE usage.
In addition, Comodo ONE provides the necessary back end support to help with compliancy, like two-factor authentication, encrypted communication, etc.
What other specific queries encompassing your compliancy upon using our platform do you wish to ask?