Concord Fax
For over 15 years, Concord's enterprise fax solutions have helped banks, healthcare providers, pharmaceutical companies, and legal professionals securely deliver mission-critical fax transmissions. With a focus on privacy, Concord has built a network that protects the security of its customers and the documents they send and receive. This document describes in detail the security measures Concord has in place; a brief outline follows.

Compliance Standards
• Annual SSAE-16 SOC 2 Type 2 audit (effective January 2015)
• HIPAA compliant
• PCI DSS certified
• Compliant with the US-EU Safe Harbor framework

Physical Security
• Private datacenter suites in secured and guarded buildings
• Badge access and two-factor authentication for all datacenters
• Closed-circuit video security and monitoring

Network Security
• Data encrypted both in transit and at rest
• SSL/TLS (HTTPS) encryption for all web traffic
• TLS for all email communication, opportunistic or enforced (opportunistic TLS falls back to unencrypted delivery when the receiving mail server does not offer STARTTLS, so enforced mode is the one to select for PHI or cardholder data)
• Enforceable zero image retention policy
• AES 256-bit encryption supported
• Active intrusion protection

Logical and Application Security
• All logins and access are logged and recorded
• Complex password requirements
Concord Fax Security Considerations :: www.concordfax.com :: [email protected] :: (888) 271-0653 •
Overview
Concord's Cloud Network has been specifically designed around the security needs of modern business. Whether you are protecting Protected Health Information (PHI), securing payment card information, or transmitting financial documents, we know that security is a high priority for you and your customers.

One of the first things to recognize is that Concord provides a messaging service. Many SaaS applications process and retain data, which leads to a variety of security risks that do not apply to using Concord. In the most basic form, Concord receives a document

Concord offers a variety of options and features that allow customers to use Concord's fax services in a manner compliant with almost all security standards. In addition, Concord's secure network can be configured with zero image retention, ensuring that no images are stored on the network, while still offering the extensive data reporting tools your business or audit requirements may need.

Concord operates two fully secured, redundant data centers with biometric and key card access in secured and guarded facilities. Access to Concord data centers is logged and limited to essential Concord personnel. Concord's network uses 2048-bit or stronger RSA keys to protect customer data in transit over the internet, and Concord complies with the US-EU Safe Harbor and US-Switzerland Safe Harbor frameworks.
Communication and Connectivity Considerations
Concord makes HIPAA and PCI compliance easier to achieve than conventional fax machines, which must be physically secured to be compliant. Many regulations and standards, such as HIPAA, effectively require that messages containing regulated data be encrypted when they are transmitted over the public internet.
Document Storage
Many compliance regulations govern the archiving and retention of documents containing confidential information. Because Concord encrypts messages in transit and at rest, you can select how long documents are stored on Concord's network while remaining secure. If you are building your business workflow to meet stricter security standards, Concord can set the image retention policy to zero for your whole company. A zero image retention policy ensures that the fax image is destroyed after delivery and that none of the documents, images, or confidential fax content that has passed through our network is retained in any component of it. Concord still provides administrators with the Concord Web Portal, which allows extensive reporting and tracking of all fax activity for your organization. Delivery confirmations and detailed call logs, for both inbound and outbound traffic, are available through the Web Portal or as downloadable Call Detail Records. Note that these call records (dates, times, and fax numbers) are retained even under a zero image retention policy and should be covered by your own data inventory and retention policy.
HIPAA
The US Department of Health and Human Services (HHS) has issued regulations and guidelines for meeting the HIPAA Security Standards. The HHS Standards for Privacy of Individually Identifiable Health Information, 45 CFR Parts 160 and 164, provide the guidance and requirements for protecting the privacy of health information. Concord has developed its business model and network around meeting these requirements, and with FaxRX we contractually function as a Business Associate to our healthcare clients. A Business Associate is a person or entity that performs certain functions or activities on behalf of a covered entity involving the use or disclosure of PHI. For fax transmissions of PHI, both the covered entity and the Business Associate are required to implement and follow security measures pursuant to HIPAA regulations. This contractual commitment gives our clients peace of mind.

With Concord, inbound faxes are routed over TLS to an email address. Healthcare businesses commonly assign each key individual within a practice or department a unique fax number associated with their email address. Because authentication is required on the email client to access the faxes, the risk of PHI being read by a third party is greatly reduced. That protection depends on the mail hop actually being encrypted, so the receiving mail server should be configured for enforced rather than opportunistic TLS, and the mailbox then holds PHI and falls under your own access controls and retention policy. Email provides an easy way for a user to search for faxes from a particular sender and retrieve the records they need quickly. Additionally, electronic delivery of faxes enables simple association of the fax with medical records in EHR systems or practice management systems, and having faxes embedded in email means that these records are backed up and stored along with the rest of the mailbox.
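The outline above lists TLS for email delivery as either opportunistic or enforced, and the paragraph above relies on that TLS hop to keep inbound PHI confidential. The difference matters: an opportunistic sender upgrades to TLS only if the receiving mail server advertises STARTTLS in its EHLO reply and otherwise delivers in cleartext, while an enforced sender refuses to deliver. The following Python is an added example, not Concord's code, showing that decision against two constructed EHLO replies, plus the certificate-verifying TLS context an enforced sender should use; the function names and sample replies are assumptions for illustration.

```python
"""Added example (not Concord's code): the opportunistic-vs-enforced STARTTLS
decision an SMTP sender makes from the receiving server's EHLO reply.
Function names and sample replies are constructed for illustration."""
import ssl

# Constructed EHLO replies, as a receiving mail server would return them
# after the sender's EHLO command. The first line carries the server name;
# each following line advertises one capability.
EHLO_WITH_STARTTLS = (
    "250-mx.example.net Hello sender.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 HELP"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mx.example.net Hello sender.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250 HELP"
)


def parse_ehlo(reply: str) -> set:
    """Return the upper-cased capability keywords advertised in an EHLO reply."""
    caps = set()
    for line in reply.splitlines()[1:]:          # skip the greeting line
        if not line.startswith("250"):           # only 250-/250 lines carry capabilities
            continue
        fields = line[4:].split()                # drop the "250-" or "250 " prefix
        if fields:
            caps.add(fields[0].upper())
    return caps


def tls_decision(reply: str, policy: str) -> str:
    """Decide how to deliver given the EHLO reply and the sender's TLS policy.

    Returns "starttls" when the server offers STARTTLS; otherwise "plaintext"
    under the opportunistic policy (the silent downgrade) or "abort" under the
    enforced policy (the message is held or bounced rather than sent in clear).
    """
    if policy not in ("opportunistic", "enforced"):
        raise ValueError(f"unknown policy: {policy}")
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "plaintext" if policy == "opportunistic" else "abort"


def make_enforced_context() -> ssl.SSLContext:
    """TLS context for enforced mode: requires a chain to a trusted CA and a
    hostname match, so an intermediary presenting its own certificate is
    rejected rather than silently accepted."""
    ctx = ssl.create_default_context()           # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, reply in (("offers STARTTLS", EHLO_WITH_STARTTLS),
                        ("no STARTTLS", EHLO_WITHOUT_STARTTLS)):
        for policy in ("opportunistic", "enforced"):
            print(f"{name:15s} {policy:13s} -> {tls_decision(reply, policy)}")
```

The same switch appears as a setting on real mail servers; in Postfix, for instance, `smtp_tls_security_level = may` is opportunistic while `encrypt` or `secure` is enforced. Enforcement without certificate verification still leaves the hop open to an intermediary, which is why the enforced context above keeps hostname checking on.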
HIPAA guidance calls for faxes containing PHI to carry a cover sheet that clearly states that the fax contains confidential health information, is being sent with the patient's authorization, should not be passed to other parties without express consent, and should be destroyed if it reaches anyone other than the intended recipient. Patient data should not be visible on the cover page but should follow it. Concord FaxRX offers a default cover sheet for all users that states these HIPAA disclosure requirements. Cover sheets can be customized with your company branding and designed to disallow free-form text or PHI on the cover sheet.
Concord Fax stores detailed records of all fax transmissions and receipts and makes them available for search and retrieval via the secure Concord Web Portal. These reports include data such as the date, time, and recipient's fax number. By default, FaxRX configures accounts not to store the actual fax images, and thus not to store PHI, on Concord's network. Fax numbers are among the identifiers HIPAA lists for PHI, so these logs should still be treated as sensitive and covered by your Business Associate review.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS was established as a standard to evaluate and control the security of cardholder data in the payment card industry. PCI DSS has a set of clearly defined and strict requirements governing access to, and storage of, that data. Many of these controls overlap with those required for HIPAA, such as how information is exchanged between the customer's network and Concord's, and are covered in the preceding section. Protecting cardholder data should be handled by securing your full business process, which Concord can help you achieve. The Concord Fax network undergoes full security audits quarterly for PCI DSS certification and maintains security controls for protecting cardholder information.

Concord allows a company-wide zero retention policy for any PCI traffic to simplify audit requirements for PCI DSS compliance. With this configuration, Concord stores no transaction data and thus no cardholder data, which can take Concord's network out of the customer's assessment scope. Confirm that scope with your assessor, since a zero-retention fax channel still transmits cardholder data and must be encrypted as such. Custom settings are available to transport copies of all sent and received faxes into your on-premise document management system for local records if needed.
SSAE-16 Type 2 Audit
Concord Fax is currently undergoing an SSAE-16 SOC 2 Type 2 audit. SSAE-16 security standards
Conclusion:
Concord Fax can be used in full compliance with virtually all security and privacy standards. Securing information, and access to it, within your business requires diligent implementation, continual review, and detailed governance of a wide range of measures to ensure that private information remains secure and confidential. It requires that you implement compliant processes governing every aspect of the transaction and communication; Concord is a reliable partner to help you secure your business workflow.