Introduction
Most of Electric's customers require some form of formal security compliance. This article provides more information about the technical, physical, and administrative safeguards that Electric can support to help your company achieve HIPAA compliance. Please note, not all controls are available for all packages and some of the services listed below may incur additional costs.
Scope of Support
Electric's services cover the devices, networks, and users within our scope of support. While this can significantly contribute to your security posture, our services do not include policies, audits or comprehensive controls considered out of scope. To learn more about how Electric can support your company, review our Service Details.
Technical Safeguards
Access Control
Manage employee onboarding and offboarding.
Manage access for in-scope users, systems, and networks.
Configure idle screen lock on workstations.
Configure access controls for in-scope systems, i.e. MFA (Multi-Factor Authentication), password minimum length and complexity.
Integrity Controls
Implement full disk encryption on workstations.
Patch workstations, servers and firewalls.
Install Electric Supported Endpoint Detection and Response or other supported endpoint protection tools as requested.
Transmission Security
Patch and manage supported network equipment, i.e. firewalls, switches and wireless access points, in alignment with Electric’s scope of support.
Physical Safeguards
Workstation Use
Provide inventory and base configurations for all in-scope and actively managed workstations.
Device and Media Controls
Destroy or wipe deprovisioned devices as requested by the customer.
Deploy and maintain Electric’s Default Security Controls on enrolled devices.
Implement endpoint protection tools as requested. Additional costs may apply.
Administrative Safeguards
Security Management Process
Identify who owns which device and assist in implementing policies via Electric's device management software.
Workforce Security
Offboard employees, cutting off access to devices and supported SaaS applications.
Information Access Management
Manage access and permissions for in-scope users, networks, workstations, and SaaS applications.
Security Incident Procedures
Operate as a point of contact for employee incident reporting.
Assist with communication and remediation of reported incidents.
Contingency Plan
Recover systems and data in the event of a crash or ransomware attack via our partnering vendors or with your supported backup vendor of choice.
Electric does not store, process or transmit PHI (Protected Health Information) as a Business Associate on behalf of its clients, nor is it a Covered Entity under HIPAA. Electric staff may have incidental access to PHI when supporting a customer. Electric will sign a BAA (Business Associate Agreement) that covers this incidental access.