"THE HEALTH INSURANCE PORTABILITY
AND ACCOUNTABILITY ACT"
HIPAA is a set of rules and regulations set up by the HHS (Department of Health and Human Services) to regulate two aspects of the medical industry, Privacy and Security. It is a certification program for the medical industry, business partners and agencies, to insure that they follow government rules for preserving the privacy and security of individuals and their records.
There are two major parts to HIPAA certification that must be met, the first is Privacy, with all agencies and their partnerships having to comply by April 14, 2003.
The second part is security, securing your data (computer and paper), data transaction and networks. The date on compliance with this portion of the act is April 20, 2005.
Neither of these requires or allows a software company to call themselves “HIPAA certified” since it is really the agencies responsibility to be certified. Instead software companies can claim they are compliant. More information can be found at http://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/ and http://aspe.hhs.gov/admnsimp/.
AnzioWin and Anzio Lite, with support for SSH, Secure Shell, are HIPAA compliant in strong encryption and authentication.
The Security
HIPAA rules specifically state what is and what is not allowed as far as data access, information exchange and computer networking between health agencies, insurance companies and any of their business partners, including everything from one person, work-at-home offices, to large hospitals.
Part of this is remote communications between two computers over a network or over the Internet. This is where AnzioWin fits in.
The recommended method of remote communications between a host computer and remote computers is the SSH, Secure Shell protocol, supported in full by our most recent versions of AnzioWin.
Rasmussen Software Products
AnzioWin supports the Secure Shell, SSH, protocol for remote access and supports the SSH version 1, SSH version 2 and OpenSSH standards.
It is the responsibility of each agency to put the software they use and their systems practices through the HIPAA Testing Certification program. AnzioWin will meet the standards for remote communications with the SSH protocol required by this testing.
Print Wizard at present does not support any encryption method, though work is under way on this for a future release.
The WēPO , Web Print Object, supports encryption through the use of secure web pages, https, and the SSL protocol. This is done through the server and client's browser however, and not directly through WēPO .
At present there are no plans to provide a secure Anzio Lite. If you have needs here, please let us know.
How Secure Shell Works
In order to utilize Secure Shell with AnzioWin, the host system that AnzioWin connects to must have the Secure Shell server services installed and listening for new connections. This runs similar to the telnet server software, but is not enabled by default on most host systems.
The Secure Shell server software can be downloaded from most vendor sites for your specific host operating system. If it not available, the source can be downloaded, compiled and installed by your system administrator - contact them for more information and to find out if it is available.
File Transfer
Over a Secure Shell session, you do have options for file transfer that would be secure. Serial protocols that run over the terminal session, such as Kermit, XModem and ZModem would all work over the encrypted pathways of SSH. However, some operating systems have problems with these protocols because of the flooding of the session with data (SCO UNIX is an example of an O/S with problems doing ZModem efficiently).
Also over an SSH session, we support both scripted and our user-interface for SFTP (SSH FTP protocol). This works similar to regular FTP but utilizes the current SSH login and connection.
Printing
Secure printing to remote printers over a passthrough print process is, of course, encrypted as it uses the SSH session to do the printing.
Secure printing can also be accomplished over "back-channel printing" in SSH, printing in the background through the local SSH session's login.
Printing over the LPD or HP Jetdirect® protocol is NOT encrypted. So while you may be running secure sessions, your printing may be a problem. Solutions are available, but they are not always easy to fit into your environment. We can help however.
If you have secure printing needs or concerns, please give us a call and we can discuss your options.
The Future
One of the fallacies of today's communications software is their full support for encryption methods. While the application may communicate by a secure channel, such as AnzioWin and Secure Shell, the print data may still go to the printer unencrypted, or a file transfer ran from within the program may transfer data as plain text.
This was not a problem in the past, most printers were connected locally, or at the most, on a small local area network, and most file transfer was done to a local host or over a serial direct line. With today's technology, printing is now done wide-spread over the Internet to remote printers, and file transfers rarely go to the same host or even a local host system.
Be careful in assuming everything is encrypted.
We are currently working on several new ideas for secure printing and secure file transfer. Give us a call and we can discuss your needs.