How can Tonido FileCloud help to achieve HIPAA Compliance?
HIPAA, the Health Insurance Portability and Accountability Act, is a United States law signed by President Bill Clinton in 1996. It has two parts: Title I and Title II. Title I protects health insurance coverage for workers and families when they change or lose their jobs. Title II defines the guidelines and procedures for maintaining the privacy and security of individually identifiable health information. Ever since the act was enforced, it has been mandatory for organizations in the healthcare industry to follow these standards.
In short, HIPAA sets the standards for protecting sensitive patient data. Although employees within your own organization can access and work on the files present in your network, HIPAA requires that you provide an audit control to record and examine their activity. HIPAA also requires that you encrypt and store the data and decrypt it whenever required. If you want to use a file sharing service with HIPAA compliance, the guidelines that are discussed here must be followed. FileCloud helps you follow the guidelines set by HIPAA automatically!
FileCloud meets the file sharing requirements of healthcare organizations. FileCloud supports HIPAA compliance by providing encryption in transit and at rest, detailed activity logs (what, when, who, where and how), integration with existing network shares, powerful admin tools and reporting, data leak prevention, device management, a drive app, and single sign-on capabilities.
FileCloud monitors and stores every action that is performed by the users. It keeps a proper audit trail which can be accessed by the admin. As the following screenshot shows, audit records can be seen at the bottom right corner.
Although the audit trail is enabled by default, you can change this setting in the admin settings. First, log in to your admin account and then go to settings. Select the ‘Admin’ tab and scroll down to the Audit Logging Level setting at the bottom.
As explained in the settings, you can select one of three values for the Audit Logging Level. Set it to OFF to disable audit logging altogether. Set it to REQUEST to log all incoming requests by your users and their results. Set it to FULL to make sure complete requests and responses are stored.
FileCloud audit logs record the following standard data:
- The username of the user performing the action is recorded
- The action (like write, read, delete) of the user is logged
- The data on which the action is performed is also recorded
- The time of the activity is also logged
- The device (web, mobile, drive) that was used to perform the action
To view the audit trail, select ‘Audit’ on the left panel of the admin dashboard under Misc. The recorded data shown depends on the Audit Logging Level.
In this example, we have used the REQUEST logging level, which means that all incoming requests and their results are logged. You can also filter the audit logs according to your needs. As for encryption, if you use HTTPS on your server, it should encrypt and decrypt the data on the fly.
Explanation with an example
Michael Domingo, Executive Editor of MCPmag.com, puts it briefly: “It can be difficult to know what changed, when it changed, and who changed it. Add regulatory compliance and you’ll need to hire a full crew to keep up the changes over time.” Let us understand that with an example.
- What changed? The action that was performed is written in the message clearly. In our example, a directory was accessed by a certain user.
- When did it change? The time stamp of the action is the same as the time stamp of the creation of the log. In this case, it’s 2014-Jan-16 07:22 AM.
- Who changed it? The username is specified in the message. In this case, it’s “sdaityari”. The IP address is also recorded in case you want to know from where it was accessed.
- How was the change done? In this case, it was done through a web browser.
By recording every action with What, When, Who and How attributes, FileCloud gives you the best possible audit data for your compliance. You can also export the logs periodically for further review.
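One way to run the periodic review of exported logs mentioned above, as an added example that is not FileCloud's code: it checks that each record answers What, When, Who and How, then lists delete actions and users seen from more than one IP address. The CSV column names and the sample rows are constructed for illustration and are assumptions, not FileCloud's actual export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are assumptions made for this
# example; they mirror the fields the article lists, not FileCloud's real format.
SAMPLE_EXPORT = """timestamp,username,ip,device,action,path
2014-01-16 07:22,sdaityari,192.0.2.10,web,read,/sdaityari/reports
2014-01-16 07:25,sdaityari,192.0.2.10,web,write,/sdaityari/reports/q1.pdf
2014-01-16 09:02,jdoe,198.51.100.7,mobile,delete,/shared/patients/scan-014.pdf
2014-01-16 09:40,jdoe,203.0.113.99,drive,read,/shared/patients
2014-01-16 10:11,,198.51.100.7,web,read,/shared/patients
"""

# What / When / Who / How, mapped to the (assumed) columns that answer each.
REQUIRED = {"what": ("action", "path"), "when": ("timestamp",),
            "who": ("username", "ip"), "how": ("device",)}


def review_export(csv_text):
    """Return incomplete records, delete actions, and users seen from >1 IP."""
    incomplete, deletes = [], []
    ips_by_user = defaultdict(set)
    # start=2: line 1 of the export is the header row.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        missing = [q for q, cols in REQUIRED.items()
                   if any(not (row.get(c) or "").strip() for c in cols)]
        if missing:
            incomplete.append((line_no, missing))
            continue  # cannot attribute this record, so skip the other checks
        if row["action"] == "delete":
            deletes.append((row["timestamp"], row["username"], row["path"]))
        ips_by_user[row["username"]].add(row["ip"])
    multi_ip = {u: sorted(ips) for u, ips in ips_by_user.items() if len(ips) > 1}
    return {"incomplete": incomplete, "deletes": deletes, "multi_ip": multi_ip}


if __name__ == "__main__":
    for key, value in review_export(SAMPLE_EXPORT).items():
        print(key, value)
```

Records reported as incomplete are the ones a reviewer cannot attribute to a user, time or device, so they deserve attention before the other findings.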
We hope that this post helped explain how Tonido FileCloud can help you with your HIPAA compliance. If you are an organization in the healthcare industry, you must know that it is completely safe to use FileCloud for your needs.