Physical, Logical & Network Access Controls for Giva's Cloud Help Desk Software

Giva's HIPAA-compliant security approach uses a comprehensive, multi-tiered security strategy to protect PHI in electronic health and medical records, combined with a multi-tenant infrastructure to manage costs for our customers. Giva's cloud help desk software is compliant with security and privacy standards including HIPAA, PCI, SSAE 18 SOC 2 Type II, and Privacy Shield.

Physical vs Logical vs Network Access Controls

  • HIPAA technical safeguards for PHI include physical, logical, and network safeguards, meaning that the technology requirements apply not only to what you see (physical patient records, for example) but also to what you cannot see: PHI that is stored and transmitted through cloud-based applications.
  • What is the difference between physical, logical and network access controls?
    • Physical access controls refer to the restriction of access to a location, often accomplished with a number of security methods that control and monitor who is entering a location and who is leaving.
    • Logical access controls refer to restricting virtual access to data. They are a combination of identification, authentication, and authorization processes to protect hardware and software from unauthorized access.
    • Network access controls prevent unauthorized users and devices from accessing a private network.
    • All of these include safeguards to limit who has access to PHI as well as the environment hosting the software. HIPAA physical access controls include restricted access to data center facilities, 24x7 guards, and requiring valid government photo IDs for entering data centers. Logical access controls include complete separation between each customer environment, separate and defined server roles, and HIPAA firewalls between public and private zones.

Physical Access Controls of Data Centers

  • Physical Security
    • Restricted Parking / Premises
    • Restricted Access to the Facility
    • No Signs Identifying the Data Center
    • Guard or Attendant at Entrance
    • Valid Government Photo ID for Visitors
    • Sign-In / Sign-Out Process
    • Restricted Access Signage
    • Escort Policy Required for Visitors and Vendors
  • Data Center Access Management, Monitoring and Data Protection Access Controls
    • Access Rights
      • Restricted Access to the Data Centers
      • Biometric Access Required
      • Unique Access ID for Each Employee
      • Process for Granting/Revoking Access
      • Reconciliation of Staff with Access
    • Access and Monitoring
      • Monitoring of Accesses
      • Digital Log of Door Accesses
      • Electronic Visitor Logs
      • Camera Placement at All Door Access Points, Aisles/Cages
    • Data Protection
      • Shredders to Destroy Sensitive Documents
      • Server Cabinets Secured
      • Network Cables and Sockets Secured

Logical Access Controls

  • Complete Separation Between Each Customer Environment
  • Separate & Defined Server Roles
  • Access Control and Logging for All Access to Servers with PHI
  • HIPAA Firewalls Between Public / Private Server Zones
  • Production Change Management
  • Incident / Problem Management Program
  • Security Incident Response Plan
  • Risk Management
  • Documented Policies/Controls
    • Access Control
    • Password Management
    • HIPAA-Compliant Firewalls
    • Virus Protection
    • Data Classification
    • Encryption
    • Retention
    • Destruction

Network Access Controls

  • Firewall
    • Dedicated Hardware-Based Cisco ASA firewalls
    • Firewall Redundancy
    • Point to Point VPN Tunnels
    • SSL VPN Remote Access
    • Dual Factor Authentication
    • IPsec Tunnels
    • 3DES Encryption
    • Ingress and Egress Filters
  • Network
    • Private VLAN
    • DMZ Zone for Public Services
    • Internal Zone for Private Server
  • Intrusion Prevention
    • Intrusion Prevention Service (IPS)
    • Prevention of "Phone Home Bots"
    • DDoS Mitigation
    • Offload of SSL Traffic
    • Web Application Firewalls for OWASP Top 10
  • Enterprise Anti-Virus
    • Enterprise Grade Anti-Virus
    • Host-Based Intrusion Prevention
    • Centralized Reporting
    • Abnormal Process Logging
