CWRBS Home

CWRBS Inc.

BEST
DATA
PROTECTION
STRATEGIES

CWRBS's Technology & Services are HIPAA Compliant

As of April 2005, HIPAA's security standards mandate that all health care providers establish a contingency plan to respond to any type of computer disaster involving potential data loss. CWRBS's technology complies with the following HIPAA requirements:

User authentication
Role based access
Encryption of data (AES128, AES192, AES256 bit encryption)
Offsite data storage outside of the organization
Secure storage facilities
Transmission Reports

CWRBS's Internet Vaulting solution is completely secure and can protect your organization in the case of any type of data loss. Please refer to the table below for a more detailed look into how CWRBS's secure remote backup solution enables business to instantly comply with HIPAA regulations:

HIPAA Privacy Rule	CWRBS	Covered Entity
Safeguards: §164.530 (c) (1)
* Administrative §164.308	YES	Enabled by CWRBS
* Technical §164.312	YES	Enabled by CWRBS
* Physical §164.310	YES	Enabled by CWRBS
Access to PHI §164.524	NO - Covered Entity has the only encryption key	YES
Amendment to PHI §164.526	NO - Covered Entity has the only encryption key	YES
Encryption of PHI §164.312	YES	YES

HIPAA Security Standards Matrix	CWRBS	Covered Entity
Assigned Security Officer §164.308(a)(2)	YES	...
Access Authorization §164.308(a)(4)	NO - Only covered entity has access to PHI	YES
Security Incident Reporting §164.308(a)(6)	YES	...
Contingency Plan: Data Back-up §164.308(a)(7)	YES	YES
Contingency Plan: Disaster Recovery §164.308(a)(7)	YES	YES
Business Associate Agreement §164.308(b)(1), 106.103	YES	...
Facility Access Controls §164.310(a)(1)	YES	...
Device & Media Controls §164.308(d)(1)	YES	YES
Access Control §164.312(a)(1)	YES	YES
Transmission Security §164.312(e)(1)	YES	YES