That is a very complicated question. I'm generalizing so please don't try to pick this apart for flaws and FYI, I'm not a lawyer, I'm not trying to interpret laws and give you advice in a legal capacity. Dealing with doctors means you have to deal with HIPAA, HITECH, the new Omnibus rule and whatever state level regulations you might have. You as a BA to your doctor's office have a responsibility to ensure that you are compliant with all regulations that a doctor must comply with. I recommend that you look at your policies and procedures to determine if you are accessing ePHI in a manner that is HIPAA compliant. If you aren't following the regs it doesn't matter whether or not the tool is compliant. However assuming you have covered your bases I think it is a fair question. It comes down to information access: Does the One Platform have access to ePHI? The answer is maybe. If you are using the Acronis backup the answer is yes. Valkyrie, probably. The RMM and remote access tools are a definite maybe.

I would boil it down into a couple of questions:
1) Do any of the Comodo agents have the capacity to take data off of these machines, if so is it encrypted and is there an audit trail?
2) Is the Remote viewer encrypted (covering data in transit rules)? Is there or will there be an audit trail for accessing machines?
3) If it is determined that Comodo One platform has the potential to “create, maintain, transfer or receive” of PHI then there should be a process put in place to sign a BA agreement. Does that process exist?


Josh

In Germany we have a document / contract provided by the BSI . We sign that for our customers / clients. But good to know if c1 is HIPAA safe.

best

Michael

I would like a staff member's response too

Hi jtlogic
Your questions are too complicated to answer in a forum post since we won't be able to get and provide complete information which might lead to inaccurate answers. If you're really interested, we could ask someone from our Sales and Marketing team to contact you to answer all your queries and possibly set-up a demo for you. You may contact our sales department via sales@comodo.com

Set up a demo? I already use Comodo One MSP, I want to know if the RMM software is HIPAA compliant such as the remote feature, the data stored like umm, customer info, machine info etc, if it is secure on Comodo's side. What is complicated about that?

Hi jtlogic
We are pleased to inform you that the feature you have requested (C1 portal HIPAA compliant) is on our roadmap and planned to be delivered by the end of 2017Q3. We will reach back to you with more updates regarding the development progress as soon as possible.

Any updates on this?

Hi jtlogic
It is planned to be delivered by the end of Q3. We appreciate your patience and your understanding in this matter!

looking forward to hearing when c1 will be hipaa compliant

geekpoint

We are glad that more and more users are contributing their requests to improve the platform. We will notify you once this feature becomes available

Carl, is this still on track for the end of Q3?

Hello RTT,

The planned release of "C1 portal HIPAA compliant" was recently moved to 2018Q3. We will be adding you to the list of interested partners and we will be sending the updates through the email.

Thank you,

So... what specifically isn't HIPAA compliant?

jtlogic easterntech50 @hm geekpoint RTT ,

HIPAA compliancy would not apply to Comodo ONE Platform itself since we are not storing any HIPAA related PI data. So, each MSP should review their processes to be sure they are compliant with HIPAA on their operation including Comodo ONE usage.

In addition, Comodo ONE provides the necessary back end support to help with compliancy like two-factor authentication, encrypted communication, etc...


What other specific queries encompassing your compliancy upon using our platform do you wish to ask?