Administrative Security

Administrative security includes the audits, policies, staff training, and, for HIPAA-specific requirements, business associate training. Equally important as ensuring the physical and technical security of your data environment, administrative security addresses the business-facing concerns of partnering with a third-party hosting provider.

If you collect, store or process credit cardholder data, you are required to meet PCI DSS compliance. With PCI, you are required to ensure third-party/service providers that may have an impact on the security of the cardholder data environment are able to meet compliance standards.

If you collect, store or process patient health data, you are required to meet HIPAA compliance. With HIPAA, you are required to comply with the Administrative Safeguards within the HIPAA Security Standards that apply to:

(i) The size, complexity, and capabilities of the covered entity.
(ii) The covered entity's technical infrastructure, hardware, and software security capabilities.
(iii) The costs of security measures.
(iv) The probability and criticality of potential risks to ePHI.

Online Tech can provide the administrative security you need in the form of contractual requirements, staff training and documented policies and procedures.

Administrative Security Service
	Audits and Reports Data center and hosting providers should maintain reports on compliance (ROC) in order to clarify which requirements they cover, and which requirements your company needs to fulfill. Online Tech provides copies of our audit reports for SSAE 16, SAS 70, SOC 1, SOC 2, HIPAA and PCI compliance.
	Policies Online Tech’s documented policies and procedures reflect our protocol in the event of a data breach in order to provide your company visibility into our notification timeline. Additionally, documentation can outline other important security standards, from how data is handled after service termination to password policies.
	Staff Training Documented policies and procedures are only effectual if employees are made aware of and trained on a regular basis. The mishandling and misuse of sensitive data can potentially lead to a data breach. Check the last dates of employee training, and inquire about hiring policies to ensure that your data is in safe hands.
	Business Associate Training As your HIPAA hosting provider, we are trained on how to specifically handle ePHI (electronic protected health information). Part of your due diligence as a covered entity includes vetting your third-party service providers and ensuring they are trained on how to prevent a data breach. Additionally, we offer to sign and provide a business associate agreement with every healthcare client.

Want to stay informed on all things Online Tech?

Join us for a free webinar, The Affordable Way to Maintain Security and Compliance with Two-Factor Authentication with Dug Song of Duo Security and Jason Yaeger of Online Tech.

When: June 4 @ 2 P.M. ET

Top-Notch Security

We’re looking for a strong Michigan company with top-notch security. We required a SAS 70 certification, HIPAA knowledge for our medical facilities and clients because we have already some hospitals on our system, and competent staffing with multiple backup facilities, internal and off-site.

- Alex Brunner, CEO, VersaIMAGE

Onlinetech

Secure Hosting

Call Today 1-734-213-2020