HIPAA Compliance Tutorial
How IDHub Helps to Achieve HIPAA Compliance
- Centralized user management: IDHub provides a centralized location to manage all user accounts and access privileges. This makes it easier to track who has access to PHI and to make changes to access privileges as needed.
- Single point of access to all systems and data: IDHub can authenticate users and authorize their access to all the systems and data they need, from electronic health records (EHRs) to billing systems to patient portals. This can help to improve efficiency and reduce the risk of errors.
- Enforcing granular access controls: IDHub can be used to enforce granular access controls, so that users only have access to the systems and data they need to do their jobs. This helps to protect sensitive patient data from unauthorized access.
- Role-based access control (RBAC): RBAC allows covered entities to grant users access to PHI based on their job roles and responsibilities. This helps to ensure that users only have access to the PHI they need to perform their jobs.
- Multi-factor authentication (MFA): MFA requires users to provide two or more factors of authentication to log in to IDHub. This helps to protect user accounts from unauthorized access.
- Automating provisioning and deprovisioning: IDHub can automate the provisioning and deprovisioning of user accounts, so that new employees are granted access to the systems and data they need as soon as they start their jobs, and departing employees are promptly removed from the system. This can help to reduce the risk of unauthorized access to data.
- Audit trails: IDHub can provide audit trails through its certification feature, so that your organization can track who accessed what systems and data, and when. This can help to identify and investigate suspicious activity.
- Auditing and reporting: IDHub can generate reports on user activity and access to PHI. These reports can be used to identify and investigate suspicious activity.
The first step is to get IDHub. To get started with a Free Trial of IDHub, go to https://sath.com/admin/try. You will then land on the IDHub try page as shown below:
From there, click on the Try Now button. You will then be asked to create a Sath account. After creating the Sath account, you will be asked to enter a unique tenant name.
Enter your tenant name, and the tenant ID is created automatically. Click on the button Agree and now. IDHub then creates a trial subscription account and creates the tenant for you to try out IDHub.
A loading page as shown above is displayed, and the credentials to log into your IDHub tenant account are emailed to you.
The payment mechanism is integrated via Stripe; therefore, after the trial period expires, you need to renew by entering your payment credentials to continue using IDHub cloud.
For on-prem IDHub installations, you can click here.
Onboarding apps & HIPAA clauses
IDHub allows you to securely onboard applications. This completely covers the HIPAA clauses, since it helps with:
Integration with electronic health records (EHRs) and other healthcare systems
- IDHub can be integrated with EHRs and other healthcare systems to provide a single sign-on experience for users. This means that users only need to log in once to access all the systems they need.
- IDHub can provide self-service portals where users can reset their passwords, manage their account settings, and request access to new systems. This can help to reduce the burden on IT staff.
Therefore, you will be able to completely cater to the HIPAA requirements for your organization. In addition, IDHub gives you:
- Reduced risk of data breaches
- Improved efficiency
- Reduced costs
Brief Process of Onboarding apps
To onboard applications, click on the Manage Catalog menu on the left-hand side of the IDHub Admin app and then click on the Add application button.
You can then onboard applications either one by one or by bulk upload.
Click here to learn more about onboarding applications.
Once privileged accounts are stored in IDHub, you need to grant access to those accounts to authorized users only. This can be done by creating user accounts in IDHub. You can provision accounts in IDHub either by submitting an access request or through reconciliation.
HIPAA & RBAC
To conform to HIPAA, it is of paramount importance that you control access to PHI by restricting access to the systems and data that contain PHI to authorized users only. This can be done by using IDHub's role-based access control (RBAC) feature to assign users to roles that give them access only to the systems and data that they need to do their jobs.
Consider the use case of a large hospital that has implemented IDHub to manage user access to its patient records system. The hospital has created a number of roles for its users, such as doctor, nurse, and pharmacist. Each role has a specific set of permissions that define the resources that users can access. For example, doctors have permission to view and edit patient records, while nurses have permission to view patient records, but not edit them.
Brief Process for Creating a Role
To create a role, go to the IDHub admin app and click on Manage Catalog. On the Manage Catalog page, click on the Create Role button. This takes you to the role creation wizard, where you can create a role for your nurses and other staff.
Click here to learn more about creating a role
Periodic Reviews & HIPAA
Periodic reviews are required to meet your HIPAA requirements, as you need to track and identify any potential compliance violations. For this, IDHub provides you with comprehensive audit and reporting capabilities. Your healthcare organization can use these capabilities to track user activity and identify any potential compliance violations, which helps you track compliance with HIPAA regulations.
For example, the hospital can use IDHub to generate a report of all users who have accessed a particular patient record. This information can then be used to investigate any potential security incidents. IDHub provides most of these reports out of the box. To access these reports, click on Reporting in the IDHub admin app, as shown below:
Auditing & HIPAA
IDHub can also be used to audit access to PHI to ensure that it is only being accessed for authorized purposes. IDHub's auditing features can be used to generate reports that show who accessed what systems and data, when they accessed it, and what they did while they were accessing it. This allows you to track what users have accessed and when.
Brief Process for Auditing
You need to create a certificate and run the certificate. To create a certificate, click on the Certifications menu on the left-hand side of the IDHub admin app and then click on the Create certificate button.
Click here to learn more about how to create a certificate and review the generated certificate tasks.