HIPAA, the Health Insurance Portability and Accountability Act, section 164.312, provides guidelines for administrative and technical safeguards to help protect sensitive healthcare data and protected health information (PHI).

Banyan Security’s Zero Trust Network Access (ZTNA) solution provides critical protections for a large number of these important HIPAA safeguards.

The table below provide recommendations and guidance.

Standard: Access control Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4). Banyan implements granular role-based access control (RBAC) for all authorized services and applications which are used by health care IT professionals. Granular access can be provided at an employer, group, or user level and takes into consideration the device identity and device posture status. This RBAC can be mapped to the administrative safeguards set up pursuant to §164.308.
Unique user identification Assign a unique name and/or number for identifying and tracking user identity. Banyan integrates with existing identity providers and assigns access permissions based on enterprise single sign-on.

Banyan also provides the ability to create users and groups natively on the solution.

All logging is done based on a unique user and device pair.

Emergency access procedure Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency. Remote terminals, deployed globally in disaster recovery (DR) site such as cloud service providers and branch offices, will be available to access server infrastructure in an emergency. Banyan can make sure your permissions are enforced even during emergency SSH sessions. Banyan allows you to deploy an unlimited number of connectors at no extra cost, allowing you to have numerous disaster recovery sites.
Automatic logoff Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Banyan supports inactivity timers and can also leverage inactivity timers from external identity providers. When the timer threshold is reached, the session ends and all access to resources are blocked or terminated.
Encryption and decryption Implement a mechanism to encrypt and decrypt electronic protected health information. All sessions and data traversing through Banyan automatically utilize end-to-end transport encryption. Banyan also encrypts transport traffic for backend web servers that are not using encryption natively.
Standard: Audit controls Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Banyan records access activity to provide information on who, when, from what device, and to what resource.
Standard: Integrity Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. Banyan’s integrates with your existing healthcare IT network and resources to ensure only authorized users on authorized and compliant devices can access records and data. The entire session, from authentication to access is logged for auditors.
Mechanism to authenticate electronic protected health information. Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. Remote file integrity and verification tools such as rsync and tripwire can utilize Banyan for secure remote access without modification. Your development teams can utilize off-the-shelf open source tooling and scripting techniques to solve complex data validity and integrity challenges.
Standard: Person or entity authentication Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed. Banyan’s role-based access control simplifies access procedures by providing device-user and application-user segmentation. Authorization decisions are made on various factors such as user, group, device identity, device state, and risk levels.
Standard: Transmission security Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. Banyan enables and protects various transmission methods from web-based applications to access via RDP and SSH. Databases and Kubernetes clusters are also protected and accessible.
Integrity controls Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. End-to-end transport encryption as provided by Banyan is a fundamental building block for ensuring the integrity of files sent between locations.
Encryption Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. Banyan always takes care of transport encryption, allowing you to focus on encryption of protected health data while at rest on endpoint storage.
author avatar
Ashur Kanoon