HIPAA Compliance with Electric

Electric's IT services can help you meet key security control requirements that are critical for becoming HIPAA compliant.

Introduction

Most of Electric's customers require some form of formal security compliance. This article provides more information about the technical, physical, and administrative safeguards that Electric can support to help your company achieve HIPAA compliance. Please note, not all controls are available for all packages and some of the services listed below may incur additional costs.

Scope of Support

Electric's services cover the devices, networks, and users within our scope of support. While this can significantly contribute to your security posture, our services do not include policies, audits or comprehensive controls considered out of scope. To learn more about how Electric can support your company, review our Service Details.

Technical Safeguards

Access Control

  • Manage employee onboarding and offboarding.

  • Manage access for in-scope users, systems, and networks.

  • Configure idle screen lock on workstations.

  • Configure access controls for in-scope systems, i.e. MFA (Multi-Factor Authentication), password minimum length and complexity.

Integrity Controls

  • Implementation of full disk encryption on workstations

  • Patching for workstations, servers and firewalls

  • Install Electric Supported Endpoint Detection and Response or other supported endpoint protection tools as requested.

Transmission Security

  • Patch and manage supported network equipment i.e. firewall, switch and wireless access points in alignment with Electric’s scope of support.

Physical Safeguards

Workstation Use

  • Provide inventory and base configurations for all in-scope and actively managed workstations.

Device and Media Controls

  • Destroy or wipe deprovisioned devices as requested by the customer.

  • Deploy and maintain Electric’s Default Security Controls on enrolled devices.

  • Implement endpoint protection tools as requested. Additional costs may apply.

Administrative Safeguards

Security Management Process

  • Identify who owns which device and assist in implementing policies via Electric's device management software.

Workforce Security

  • Offboard employees, cutting off access to devices and supported SaaS applications.

Information Access Management

  • Manage access and permissions for in-scope users, networks, workstations, and SaaS applications.

Security Incident Procedures

  • Operate as a point of contact for employee incident reporting

  • Assist with communication and remediation of reported incidents.

Contingency Plan

  • Recover systems and data in the event of a crash or ransomware attack via our partnering vendors or with your supported backup vendor of choice.


Electric does not store, process or transmit PHI (Protected Health Information) as a Business Associate on behalf of its clients, nor is it a Covered Entity under HIPAA. Electric staff may have incidental access to PHI when supporting a customer. Electric will sign a BAA (Business Associate Agreement) that covers this incidental access.
