Physical, Logical & Network Access Controls for Giva's Cloud Help Desk Software
Giva's HIPAA-compliant security approach combines a comprehensive, multi-tiered security strategy to protect PHI in electronic health and medical records with a multi-tenant infrastructure that keeps costs down for our customers. Giva's cloud help desk software complies with security and privacy standards including HIPAA, PCI, SSAE 18 SOC 2 Type II, and Privacy Shield.
The HIPAA safeguards for PHI span physical, logical, and network controls, meaning that the requirements apply not only to what you can see (physical access to the facilities and equipment that hold patient records, for example) but also to what you cannot: PHI that is stored in and transmitted through cloud-based applications.
What is the difference between physical, logical and network access controls?
Physical access controls refer to the restriction of access to a location, often accomplished with a number of security methods that control and monitor who is entering a location and who is leaving.
Logical access controls refer to restricting virtual access to data. They combine identification (who is the user claiming to be), authentication (proving that claim) and authorisation (what that user may do) to protect hardware and software from unauthorised access.
Network access controls prevent unauthorised users and devices from connecting to a private network.
All of these include safeguards that limit who has access to PHI and to the environment hosting the software. HIPAA physical safeguards include restricted access to data centre facilities, 24x7 guards, and a valid government photo ID for anyone entering a data centre. Logical access controls include complete separation between each customer environment, separate and defined server roles, and firewalls between public and private server zones.
Physical Access Controls of Data Centres
Restricted Parking / Premises
Restricted Access to the Facility
No Signs Identifying the Data Centre
Guard or Attendant at Entrance
Valid Government Photo ID for Visitors
Sign-In / Sign-Out Process
Restricted Access Signage
Escort Policy Required for Visitors and Vendors
Data Centre Access Management, Monitoring and Data Protection
Restricted Access to the Data Centres
Biometric Access Required
Unique Access ID for Each Employee
Process for Granting/Revoking Access
Reconciliation of Staff with Access
Access and Monitoring
Monitoring of Accesses
Digital Log of Door Accesses
Electronic Visitor Logs
Camera Placement at All Door Access Points, Aisles/Cages
Shredders to Destroy Sensitive Documents
Server Cabinets Secured
Network Cables and Sockets Secured
Logical Access Controls
Complete Separation Between Each Customer Environment
Separate & Defined Server Roles
Access Control and Logging for All Access to Servers with PHI
HIPAA Firewalls Between Public / Private Server Zones
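The paragraph defining logical access controls above and the list of logical controls just given name three things that a multi-tenant PHI system must get right together: every access is tied to an authenticated principal, that principal can only ever see its own tenant's partition, and every attempt is logged whether it succeeds or not. The example below, added here as an illustration and not Giva's own code, models that in Python: a store partitioned by tenant, role-based authorisation, and an append-only audit log whose entries are hash-chained so later tampering with the log is detectable. The role names, tenant IDs and PHI records are constructed sample data and are assumptions of the example.

```python
"""Tenant-isolated access to PHI records with a tamper-evident audit trail.

Added example (not Giva's code). Every read of a PHI record is
(1) bound to a principal that belongs to exactly one tenant,
(2) authorised against that principal's role, and
(3) appended to a hash-chained audit log whether allowed or denied.
All identifiers and records below are constructed sample data.
"""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed role names and the PHI actions each may perform.
ROLE_PERMISSIONS = {
    "agent": {"read"},
    "supervisor": {"read", "export"},
    "auditor": set(),  # may inspect the audit log, never PHI itself
}

GENESIS_HASH = "0" * 64


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str
    role: str


class AccessDenied(PermissionError):
    pass


@dataclass
class PhiStore:
    # records: {tenant_id: {record_id: {...}}}; the tenant key is the partition.
    records: dict
    audit_log: list = field(default_factory=list)

    def _audit(self, who, action, record_id, outcome, reason=""):
        # Each entry commits to the previous entry's hash, forming a chain.
        prev = self.audit_log[-1]["hash"] if self.audit_log else GENESIS_HASH
        body = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": who.user_id, "tenant": who.tenant_id, "role": who.role,
            "action": action, "record": record_id,
            "outcome": outcome, "reason": reason, "prev": prev,
        }
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.audit_log.append(dict(body, hash=digest))

    def access(self, who, action, record_id):
        # Authorisation: the role must permit the action at all.
        if action not in ROLE_PERMISSIONS.get(who.role, set()):
            self._audit(who, action, record_id, "deny", "role")
            raise AccessDenied(f"{who.role} may not {action}")
        # Tenant isolation: look only inside the caller's own partition.
        # Another tenant's record ID is indistinguishable from a missing one,
        # so a caller cannot even confirm that foreign IDs exist.
        rec = self.records.get(who.tenant_id, {}).get(record_id)
        if rec is None:
            self._audit(who, action, record_id, "deny", "not-in-tenant")
            raise AccessDenied("no such record")
        self._audit(who, action, record_id, "allow")
        return rec

    def verify_audit_chain(self):
        # Recompute every hash and check each entry links to its predecessor.
        prev = GENESIS_HASH
        for entry in self.audit_log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or expected != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


# Constructed sample data: two tenants, one record each.
SAMPLE_RECORDS = {
    "tenant-a": {"phi-1001": {"patient": "Pat A.", "note": "intake complete"}},
    "tenant-b": {"phi-2001": {"patient": "Pat B.", "note": "follow-up due"}},
}


def demo():
    """Run an allowed read, a cross-tenant read and an over-privileged action."""
    store = PhiStore(records=SAMPLE_RECORDS)
    alice = Principal("alice", "tenant-a", "agent")
    results = {"own": store.access(alice, "read", "phi-1001")["note"]}
    for action, rid, key in [("read", "phi-2001", "cross_tenant"),
                             ("export", "phi-1001", "no_role")]:
        try:
            store.access(alice, action, rid)
            results[key] = "allowed"
        except AccessDenied as exc:
            results[key] = str(exc)
    results["log_entries"] = len(store.audit_log)
    results["chain_ok"] = store.verify_audit_chain()
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The denial paths matter as much as the allow path: a cross-tenant lookup and a missing record produce the same error to the caller (so tenant IDs cannot be enumerated), but the audit entry records the real reason. Because the log is hash-chained, a deleted or edited entry breaks `verify_audit_chain()`; in production the chain head would be exported to write-once storage rather than kept in the same process.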