The HIPAA Seal of Compliance
The HIPAA Seal of Compliance is the healthcare industry’s third-party HIPAA verification. There is no formal HIPAA compliance certification from the federal government or its subsidiary regulatory agencies. That is why health care professionals around the country rely on Compliancy Group’s HIPAA Seal of Compliance to demonstrate their good-faith effort toward achieving HIPAA compliance.
The HIPAA Seal of Compliance has become the healthcare industry standard for verification. Federally mandated HIPAA standards, regulated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), are fully addressed and incorporated into an effective, organization-wide compliance program.
Use our HIPAA verification tool below to verify that the organization you’re working with has been awarded our Seal of Compliance. We’ll check our records and verify that the organization in question has completed our Achieve, Illustrate, and Maintain process in its HIPAA compliance program to safeguard protected health information (PHI).
Our HIPAA verification process assures you that the Seal of Compliance is being legitimately used. Enter the full name of the organization in question and a member of our team will respond directly to the inquiry and personally verify the organization’s legitimate use of the Seal.
Security At Radius
Radius is committed to the security of our infrastructure and our users’ data. Every component of our infrastructure has been designed to give you the foundation to manage your account securely and meet your needs. Radius meets the requirements for HIPAA compliance. While Radius is not a Covered Entity as defined by HHS, Radius does implement within the system the controls that Covered Entities require, such as unique user identification, an emergency access procedure, password requirements (minimum length and change requirements), encryption, decryption and more.
Shared Security Model
Security is up to all of us, including you.
Security is a shared responsibility at Radius. We control the physical and virtual hosts and can offer a high level of physical and environmental security with both our compute and storage offerings. You are responsible for making sure your Radius account is securely configured and patched. By following best practices, you can build accounts that meet the exacting standards required by HIPAA, PCI-DSS, GDPR, and your customers.
Physical Security and Networking
Every instance of Radius has extensive physical, environmental, and network protections in place:
Access to the data center floor is restricted to data center employees and authorized visitors.
Data Centers are staffed 24/7/365 with security guards and technicians.
All employees and visitors are identified using biometrics and state-issued IDs before entering the facility.
HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.
Multiple Internet carriers provide independent fiber connections to the data center floor.
Server Security
The servers themselves operate within Xen virtualization, which ensures that each server has its own kernel and user space, fully isolated from other servers.
A firewall limits and blocks unwanted inbound traffic.
SSH key-pair authentication: connections are authenticated by proving possession of the private key that matches the registered public key.
Fail2Ban prevents dictionary attacks on servers. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker’s IP address.
2048-bit SSL encryption (https://accountnamehere.radiusbob.com)
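The Fail2Ban behaviour described above (count failed logins per source IP inside a time window, then place a temporary firewall block) can be reproduced in a few lines. This is an added example, not Radius or Fail2Ban code; the log lines are constructed, the documentation-range addresses 203.0.113.7 and 198.51.100.4 stand in for real clients, and the thresholds mirror Fail2Ban's maxretry/findtime/bantime settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not real logs). 203.0.113.7 makes four
# failed attempts in 20 seconds; 198.51.100.4 fails twice, 25 minutes apart.
SAMPLE_LOG = """\
Jan 12 10:00:01 app sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jan 12 10:00:05 app sshd[2103]: Failed password for root from 203.0.113.7 port 50130 ssh2
Jan 12 10:00:09 app sshd[2105]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
Jan 12 10:00:12 app sshd[2107]: Failed password for root from 203.0.113.7 port 50141 ssh2
Jan 12 10:00:20 app sshd[2109]: Failed password for root from 203.0.113.7 port 50150 ssh2
Jan 12 10:05:00 app sshd[2150]: Failed password for deploy from 198.51.100.4 port 40022 ssh2
Jan 12 10:30:00 app sshd[2310]: Failed password for deploy from 198.51.100.4 port 40031 ssh2
"""

# Matches the sshd "Failed password" line: group 1 timestamp, 2 user, 3 source IP.
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+sshd\[\d+\]:\s+Failed password for "
    r"(?:invalid user )?(\S+) from (\d+(?:\.\d+){3})"
)

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10),
              bantime=timedelta(minutes=15), year=2024):
    """Return {ip: ban_expiry} for IPs with >= maxretry failures inside findtime."""
    failures = defaultdict(list)   # ip -> timestamps of recent failed logins
    bans = {}                      # ip -> datetime when the temporary block expires
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue               # successful logins and other noise are not counted
        stamp = " ".join(m.group(1).split())   # syslog omits the year; normalise spacing
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(3)
        if ip in bans and ts < bans[ip]:
            continue               # already blocked at the firewall; nothing to count
        window = [t for t in failures[ip] if ts - t <= findtime] + [ts]
        failures[ip] = window      # drop attempts older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts + bantime
            failures[ip] = []      # counter resets once the ban is placed
    return bans

def firewall_rules(bans):
    """Render one iptables rule per banned IP, similar to what Fail2Ban's action runs."""
    return [f"iptables -I INPUT -s {ip} -j REJECT" for ip in sorted(bans)]
```

Running `find_bans(SAMPLE_LOG)` bans only 203.0.113.7 (its third failure at 10:00:12 triggers a 15-minute block), while 198.51.100.4 is not banned because its two failures fall outside the 10-minute window.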
User Authentication
Account-level admin controls to maintain organizational security requirements.
Unique Usernames and Passwords
User password requirements: minimum password length and maximum password age (required password changes every X days).
Each new session is date- and time-stamped per user.
Two-factor authentication (2FA) at login via SMS.
Database and Data Storage
Daily, weekly and monthly off-site data backups.
Encrypted data in motion.
Encrypted data at rest.
Server logs at the user level.
HIPAA (U.S. Health Insurance Portability and Accountability Act):
Covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can maintain compliance using Radius as their cloud-hosted solution. While Radius provides the platform and does not generally engage in activities or functions that make it a HIPAA Covered Entity, the compliance responsibilities are handled by your organization. Specifically, a customer that subscribes to a Radius account has the exclusive authority and ability to manage all technical safeguards required by HIPAA with respect to its PHI, including access controls, audit controls, integrity, authentication and transmission security.
Recommendations
Radius recommends that you configure your account using the built-in security measures.
For guidance on how to harden your account, start here:
Use unique usernames and passwords.
Set the required minimum password length to 8 characters.
Require password updates every 90-120 days for users.
Require two-factor authentication at login for users.
Build custom fields using the Encrypted option.
Delete users who no longer need access as quickly as possible.