HIPAA / HITRUST Azure Security Envelope

The Azure Security Envelope enables Healthcare providers to move their on-premises apps and workloads into the cloud with full HIPAA/HITRUST compliance, quickly, cleanly and affordably. For ISVs, the HIPAA/HITRUST Azure Security Envelope enables them to allocate more resources to develop innovative software applications that can improve customer service and maximize operational efficiencies.

“With a HITRUST CSF Certification, Project Hosts’ A6 Security Envelope provides an ideal Azure environment for Healthcare Providers and ISVs in need of a fully attested cloud platform. Project Hosts extends HITRUST CSF certification to the SaaS-level so that organizations can secure ePHI and implement cloud solutions without incurring the effort and expense typically required to design, implement, document and audit the application-level security controls required for full regulatory compliance.”  Hector Rodriguez, Director, Microsoft Worldwide Healthcare at Microsoft Corp

Highlights

  • Azure Security Services

    A turnkey Azure environment that ensures that any Windows or Linux apps deployed are fully compliant with ISO 27001, HIPAA and HITRUST security standards at the software (SaaS) level. Elements of this include: HIPAA/HITRUST Security Compliance, Azure Applications and Access Management Services, Azure Performance Management Services, and Documentation and Compliance Management.

  • Backup & Archiving Services

    Leverage Azure services and third-party tools to provide archiving for Office 365 email – a necessity for security and eDiscovery requirements.

  • Disaster Recovery Services

    Advanced Disaster Recovery for on-premises solutions that supports the recovery of secured data and applications when a customer has an on-premises outage at their primary datacenter.

  • Portals & Websites

    Quickly create and manage HIPAA and HITRUST compliant customer portals and websites using the industry’s most popular website content management systems including Drupal, Joomla and WordPress.

  • Virtual Desktop

    Implement thin client solutions using RDP (Remote Desktop Protocol) and eliminate the need to protect information within a Healthcare provider’s physical location by keeping all ePHI in the cloud, accessible through web-based devices.

  • Compliance Management Tools & Services

    For healthcare providers managing their own Azure subscriptions, ISMScloud.com provides a secure, online application to help manage and document the process of gaining HIPAA/HITRUST compliance.

Azure Security Envelope Services

Project Hosts’ Azure Managed Services with Extended Security fill the current gap that many healthcare organizations have in managing critical elements of their Azure deployments, including:

  • Azure Security Management
  • Continuous Monitoring & Performance Optimization
  • Applications Access & Management, User Support

Azure Security Management

Azure takes care of the physical security of its data centers, as well as access control and the security surrounding physical devices. But Azure leaves it up to each customer to secure and restrict access to their own virtual servers/subnets. Secure your Azure subscription:

  • Meet your required security level/policies
  • Access Control
  • Intrusion Detection/Prevention
  • Malware Protection Management
  • Application Lockdown Maintenance
  • Incident Response Planning and Testing

Project Hosts’ Azure Security Management services include implementing and managing the following:

  • HIPAA Security Controls (as defined by ISO 27001 and/or NIST 800-66)
  • HITRUST Security Controls (as defined by HITRUST CSF-certification)
  • Azure subnets with their NSG “firewall” access controls
  • An Active Directory Domain to manage servers and group policy
  • Web Application Proxy (WAP) servers as the controlled front door to the Deployment
  • McAfee Host Intrusion Prevention System (HIPS) and Endpoint Protection on every server, centrally managed by ePolicy Orchestrator
  • Remote Desktop Gateway servers for secure remote administration
  • Logging configuration, collection, alerting, and review
  • Connection to Project Hosts’ Tenable SIEM system
  • Nessus OS, DB and application software vulnerability scanning and patching
  • Project Hosts’ configuration change authorization and management system (CCR tool)
  • Project Hosts’ Centralized inventory tracking and alerting system (Admin Center)
  • Incident response system with periodic tests

Continuous Monitoring & Optimization, Performance Management

When a deployment is first architected for Azure, it is optimized and updated for its initial and originally intended usage scenario. As time passes, deployments are typically modified to meet additional needs and as such require additional updates and re-optimization:

  • Continuous Monitoring
  • Update and Patch
  • Architecture Optimization
  • Database and Application
  • Third Party Application
  • Backup and Restore
  • Disaster Recovery

Project Hosts’ Azure Performance Management services include the following:

  • 24/7 performance monitoring and alerts with customer dashboard
  • Provisioning servers or scaling to larger or smaller servers
  • Weekly virtual image backup and restore
  • Weekly, daily, hourly database backup and restore
  • Managing and testing DR restores in secondary Azure data center
  • OS systems administration for Windows and CentOS Linux
  • Database administration for Microsoft SQL and MySQL
  • 24/7 technical support
  • Performance optimization recommendations

Applications Access and Management, User Support

Project Hosts’ Azure Access Management services include implementing and managing the following:

  • Multifactor authentication for all users (PIV and CAC cards)
  • Single sign-on (SSO) from other authentication systems
  • Monthly/Quarterly web application vulnerability scanning
  • Monthly/Quarterly cloning of servers in the deployment for scanning (where scanning production servers would cause disruption)
  • Coordination with customer to patch web applications or modify configurations
  • 24/7 support of applications on Project Hosts’ approved application list
  • Project Hosts’ user authorization and administration tool (PH Portal)
  • Azure cost optimization recommendations

Project Hosts offers a unique Person-2-Person support service to ensure customer satisfaction and resolve issues as they arise:

  • Performance Issues
  • Connectivity Issues
  • Anomalous Application Behavior
  • Bug Resolution and Case Management
  • Guaranteed Response Times
  • Financially-based SLAs (Service Level Agreements)