HIPAA Security

Physical, Logical & Network Access Controls for Giva's Cloud Help Desk Software

Giva's HIPAA-compliant security approach uses a comprehensive, multi-tiered security strategy to protect PHI in electronic health and medical records combined with a multi-tenant infrastructure to manage costs for our customers. Giva's cloud help desk software is compliant with security and privacy standards including HIPAA, PCI, SSAE 18, and Safe Harbor.


Physical Access Controls of Data Centers

  • Physical Security
    • Restricted Parking / Premises
    • Restricted Access to the Facility
    • No Signs Identifying the Data Center
    • Security Guard 24x7
    • Photo ID Required
    • Sign-In / Sign-Out Process
  • Data Center Security and Facility
    Access Rights
    • Restricted Access to Facilities
    • Biometric Access Required
    • Signs Posted for Restricted Access
    • Unique Access ID for Each Employee
    • Process for Granting/Revoking Access
    • Escort Required for Visitors/Vendors
    • Reconciliation of Staff with Access
    Access Tracking
    • Live Monitoring of Accesses
    • Digital Log of Door Accesses
    • Written Visitor Log
    • Camera Placement at All Door Access Points, Aisles/Cages
    Data Protection
    • Shredders to Destroy Sensitive Documents
    • Server Cabinets Secured
    • Network Cables and Sockets Secured

Logical Access Controls

  • Separation between each customer's data
  • Separate & Defined Server Roles
  • Access control and logging for all access to servers with PHI
  • Firewalls between Public/Private Server Zones
  • Documented Policies/Controls
    • Access Control
    • Password Management
    • Firewalls
    • Virus Protection
    • Data Classification
    • Encryption
    • Retention
    • Destruction
    • Production Change Management
    • Incident/Problem Management Program
    • Security Incident Response Plan
    • Risk Management

Network Access Controls

  • Firewall
    • Dedicated hardware-based Cisco ASA firewalls
    • Firewall redundancy
    • Point to Point VPN Tunnels
    • SSL VPN Remote Access
    • Dual Factor Authentication
    • 3DES Encryption
    • IPsec Tunnels, Ingress and Egress Filters
  • Network
    • Private VLAN
    • DMZ Zone for public services
    • Internal Zone for private server
  • Intrusion Prevention
    • Intrusion Detection
    • Intrusion Prevention
    • Prevention of "Phone Home bots"
    • DDoS Mitigation
    • SSL Offload IDS/IPS of SSL traffic
    • Web Application Firewalls for OWASP 10
  • Enterprise Anti-Virus
    • Enterprise Grade Anti-Virus
    • Host-based intrusion prevention
    • Centralized Reporting
    • Abnormal Process Logging