Many industries have compliance rules, but few are as strict as the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
There are many reasons why HIPAA compliance is so critical. One, a data breach exposes patients’ confidential records. This not only breaks the trust, it is a major privacy invasion. Not only that, if the breach is somehow made public, the health care provider’s reputation is damaged.
There are also serious financial consequences. In fact, both the health care provider and their MSPs could be on the hook for fines and penalties.
Roy Herron, systems analyst for the Methodist Healthcare Ministries (MHM) in San Antonio, was well versed in HIPAA and the compliance benefits of VSA by Kaseya. Prior to working for the healthcare organization, Herron had worked for a managed services provider (MSP), where he became acquainted with the remote monitoring and management (RMM) solution. He knew the software would be able to bring IT efficiency and compliance to the fast-growing healthcare system.
Compliance and Security
As a healthcare concern, MHM has serious compliance regulations to meet. “VSA is a big help in keeping costs down and allowing us to stay in compliance with HIPAA and the HITECH Act,” Herron said. While complying with these regulations takes a lot of effort, it also creates a safer environment. “The HITECH Portability Act is a big component of our security checklist. It helps keep everything up to date, which is a big thing to protect from breaches,” he added.
VSA also comes in handy when dealing with breaches. “I use it to correlate data if we have a suspected breach. I correlate between our Active Directory, DNS, who logged on to the machine, and what is going on,” Herron said.
Value of Auditing
Auditing is important to understand where your IT infrastructure has been and to protect the network. It is also absolutely critical for compliance. “Auditing allows me to change local usernames and disable them to keep well-known usernames from being used against our system for breaches. Instead of having to change the administrator password, I send out a bulk one and it is done like that,” Herron said. “I have auditing trails on every one of our computers and see who is logged in currently or who logged in.”
Remote Control and Management
MHM employees are scattered throughout rural areas in South Texas. With “half of our people in San Antonio and 100 to 120 users in remote very rural areas,” according to Herron, sending technicians to these sites was becoming unwieldy.
VSA has been a total game changer. “VSA has made it way more efficient. I do not have to take four hours out of my day where I cannot take calls, do tickets, or help anybody out,” Herron said. “VSA keeps us from having to send a technician out to fix their computer. I remote-on to it to help them with whatever they need, such as email or our next-generation health system, and fix it in five to 10 minutes.”
The Power of Patching
With most breaches impacting unpatched computers, keeping machines up to date is an essential safeguard. “I use VSA for Windows patch management instead of having to have three or four different servers just to manage the patches. Everything is agent-driven right now. I have about a 92 percent patch rate within a week of when a new Microsoft patch is released. It is easy to set up. I did not have to tie in with everything else. You set up your policies and automation — and let it go,” Herron said.
Multiplatform is also essential. “It patches third-party software, not just the Microsoft Windows updates. I patch Firefox, Java, and some Flash. That is a big help. Otherwise, you probably have to send somebody out to physically patch each system, or spend tens of thousands of dollars on SCCM or SCE from Microsoft,” he said.
Meanwhile, the unified interface makes tasks easier to perform and manage. “The single pane of glass lets me see a group of our users and patching states. I can push everything out from my desk. Over the course of the day, it saves me probably two to three hours walking around,” he said.
Role of Reporting
Reporting is another key VSA attribute. “VSA lets me do reports to see which machines don’t have a service running or if something’s wrong. It tells me if they have not been patched, or how many patches are missing. That is big for compliance. One of the big factors in keeping your environment secure is patching,” he said.
Connecting with Live Connect
VSA’s Live Connect brings remote access to a completely new level, providing fast access to the computer even while an end user is working. “I am a heavy user of Live Connect, using it for command prompt scripts or VBS scripts that need to run, and to transfer files between computers. I also see in real time the processor usage and memory usage so I can tell that a machine may need more memory, or something on the computer is eating up the processes,” he said.
VSA and Live Connect are a big part of the IT efficiency story. “The time savings is plus or minus 20 to 30 minutes on a single call. It keeps call volume down, and our throughput has gone up significantly — probably by as much as 75 percent,” Herron estimated.
Two Factor Authentication Adds an Extra Layer of Protection
MHM has just acquired AuthAnvil by Kaseya, which offers two-factor authentication (2FA). Herron is contemplating ways to put it to work. “We are looking at use cases like tying it into our electronic health record system and using it for sign-ins and sign-outs,” he said.
Herron also likes the idea of password cycling. If a password changes every five minutes, even if an intruder gets the password, it will change in a matter of minutes – blocking access.
Read the full case study here.