Bardon Logo
Home Products Support News
News Releases                              
Bardon Data Systems Partners with The Pinnacle Corporation
Bardon Data Systems Announces Full Control 3 and WinU 6
Bardon Products Address Antivirus Vulnerability
Bardon Products Provide A Complete System Lockdown Solution
Bardon Products Stop Criminals
Bardon Products Help In Compliance To Sarbanes-Oxley
Bardon Products Protect Wireless-Enabled Computers
Close menu                                     

 

Bardon Data Systems Solution for HIPAA
Technical Security Services Requirements

Bardon Data Systems
www.bardon.com

The HIPAA Technical Security Services Requirements can be met by installing the Bardon Data Systems HIPAA Compliance Package. The core software in this package can be any of Bardon's access management systems ( WinU, Full Control, or Full Control Internet). These provide security access control, audit trail, and real-time oversight of all user activity. These products are described below.

The package can include biometric authentication which can validate the user's identity at logon, and also during the session when the user requests access to specific resources such as programs or system functions.

In addition, if desired the package can be configured to include full hard-disk encryption and pre-boot authentication.

 

Background

Bardon Data Systems (http://www.bardon.com) was established in 1987 to provide innovative solutions for desktop computing. Bardon released its first security access control system in 1995. Since that time it has continued to develop and enhance these products that allow system administrators to manage and control user access.

Bardon Data System products are in use by thousands of customers, including hospitals, manufacturers, schools, universities, the military, public safety, and government. The following is a partial list of Bardon customers in the healthcare field. They use our products for a variety of security applications:

• Texas Center for Infectious Disease, Houston TX
• Saints Memorial Medical Center, Lowell, MA
• Southwest Mississippi Regional Medical Center, McComb MS
• Sarasota Memorial Hospital, Sarasota FL
• East Texas Medical Center, Tyler, TX
• Advanced Neuromodulation Systems, Plano TX
• Radiology Services PA, Fort Smith AR

 

Product Overview

WinU, Full Control, or Full Control Internet provide a complete Windows (95/98/ME/NT/2000/XP) systems management solution. Full Control allows the secure use of the regular Windows desktop interface (taskbar, start button, desktop icons, etc) using LAN-wide management options. Full Control Internet extends this style of oversight and management across the Internet, allowing management oversight from anywhere in the world. In addition to oversight, WinU includes a Simplified Replacement User Interface that can make computers accessible to even the most novice users. For more on the differences between WinU, Full Control, and Full Control Internet, click here.

These products provide a complete security solution, and include the following features:

• Access control
• Remote administration
• System configuration management
• Audit trail

With any of these products, each user can have individual security and oversight settings. These include desktop appearance, password-protected programs, time limits, and many other per-user options and restrictions. Computers can be managed and controlled remotely, either across a LAN or the worldwide Internet. Or if required, these products can run on standalone machines such as laptops, which are not connected to a LAN or the Internet.

WinU, Full Control, or Full Control Internet allow users access to authorized software based on their particular profile. They can make files or folders invisible to prevent access to unauthorized data, monitor and control any window with which the user might access the file system, and deny or password-protect Ctrl+Alt+Del and similar keys and context menus. The keyboard can be disabled at startup to prevent users from bypassing Windows.

Bardon's system administration capabilities can maintain any size setup, from a single standalone PC to multi-computer networked installations. The administrator can dynamically control all access enterprise-wide from one central location. This includes the ability to query the status of any managed workstation; update, logoff, shut down, reboot or reconfigure stations remotely; send popup text messages to individual stations or broadcast them to all computers on the network.

In an emergency situation the administrator can override any user restriction. Any computer can be remotely and dynamically reconfigured. The administrator need only create one master setup (which can include per-computer customizations if desired) then distribute it over the network.

WinU, Full Control, or Full Control Internet include built-in audit trail activity logging that can track exactly when each program was run, by whom, and for how long. It also logs all attempts to bypass its security. Built-in reports and graphs can analyze this information, or the data can be exported to any database or spreadsheet.

 

HIPAA Technical Security Services - Requirements and Solution

Below are all mandated requirements, and a description of how the Bardon Data Systems HIPAA Compliance Package meets the needs of that requirement.

 

Requirement

Solution

Emergency Access

A procedure for emergency access must be available.

 



System Administrator has control over all computers in the system and can override any restrictions to gain emergency access.

Access Control

Allow access only to those persons or software programs that have been granted access rights.

 

 

Secure access control for all versions of Windows, including legacy systems. Controls access by persons. Also controls access to and by all software programs. Automatically uses pre-established Windows user names (Single Sign-On). Controls system access for specified time periods or other circumstances.

Audit Control

An audit control mechanism to record and examine system activity, enabling the organization to identify suspect data access activities.

  

An audit trail is generated for all user activity. This built-in activity log can track exactly when each program was run, by whom, and for how long. Events can be logged down to the level of each individual keystroke and mouse click if desired. Security bypass attempts are also logged, and Event Alerts notify administrators of suspect activities. Built-in reports and graphs can analyze this information, or the data can be exported to any database or spreadsheet. These reports satisfy HIPAA Information System Activity Review requirements for audit trail logs, access reports, and security incident tracking reports.

Automatic Logoff

Implement electronic procedures that terminate a session after a predetermined time of inactivity

 

Flexible logoff options for individual programs or the entire system by specified time periods. Inactivity timeout can shut down or logoff the computer, or lock the session. A locked session is password-protected and, when resumed, programs and files are in the same state as when the session was locked.

Encryption/Decryption

Encrypt and decrypt protected health information

 

Bardon products provide a secure computing environment in which the protected health information products can be run. Many products already provide encryption. Optionally, Bardon can include file and/or disk encryption for any organization whose medical records product does not already provide this.

Data Integrity Protection

Protect electronic health information from improper alteration or destruction

 

 

Prevent files, folders, and data from unauthorized modifications. Make secure data visible and accessible only to authorized individuals. Log and record all efforts to access secure data.