Dizzion has made security a central tenet of our cloud delivered desktops since the company was founded five years ago. This commitment was evident early on with our multi-layered security and best-in-class controls and was further strengthened by our recent announcement of becoming the first desktop-as-a-service company to attain PCI compliance certification. When we made that announcement we told the world that HIPAA compliance certification wasn’t far behind, and we’re proud to announce that Dizzion is now an independently verified HIPAA compliant DaaS provider. This will help our existing and future customers feel confident that the sensitive data they handle is protected at the highest level.
What is HIPAA compliance & who does it apply to?
In simple terms, HIPAA (the Health Insurance Portability and Accountability Act) was developed in 1996 to protect people’s private health information, known as PHI. This can be anything from discussions about treatment, to medical records, to billing and payment information. In a quest to protect this information, security standards were written and anyone who has access to, stores or transmits such information is now bound to these standards.
Over time, the standards expanded beyond just hospitals and direct caregivers and now apply to anyone who engages with PHI, including service providers like Dizzion that allow access to PHI (even though Dizzion will never actually see any protected data). These service providers are considered “Business Associates,” a designation that covers lawyers, consultants, payment and claim processors, medical transcriptionists and other businesses that don’t fall directly into the healthcare industry but still deal with PHI.
Why did Dizzion pursue HIPAA compliance certification?
In short – we did it for our customers and future customers.
While it may have been “enough” to stick to our base controls or stop at PCI compliance, we knew that verifying that our virtual desktop solution is compliant with stringent HIPAA standards would positively affect many of our customers or other companies interested in adopting DaaS. HIPAA standards touch a wide range of organizations and we wanted to help companies meet these standards while empowering them to make the desktop delivery and workforce decisions that best fit their business needs.
Dizzion is all about enabling IT to focus less on desktop provisioning and more on driving the business. By offering a solution that meets HIPAA standards we’ve extended that mission and given companies back even more of their time by simplifying audits.
We’ve observed firsthand the time, effort and costs that audits require, pulling attention away from our customers’ core business. Often our customers were stitching together multiple technologies, areas of expertise and cost centers to meet HIPAA security standards. By doing the work to ensure our solution is HIPAA compliant, we can take a good portion of that weight off of our customers’ shoulders.
What does this mean for customers?
Dizzion and our solution were audited by Qualified Third Party Auditors for security standards and controls. We now have a Letter of Attestation (LOA) and Report on Compliance (ROC) that prove we’ve done what it takes to secure our platform and its users in accordance with HIPAA/HITECH and Omnibus. Our service can “stand on its own” as a secure method to access and transmit PHI.
Dizzion’s HIPAA ROC makes it easier for our customers to complete the portion of HIPAA related audits that evaluate the access and transmission of PHI across the Dizzion platform. If our platform is the only method used to access, transmit or transfer PHI, it drastically simplifies the audit scope and process.
What’s even more important is we will sign a delineated Business Associates Agreement (BAA) outlining the roles and responsibilities that we take on. This is another important requirement when HIPAA regulated organizations work with business associates who access, store or transmit PHI.
By using Dizzion’s compliant solutions, businesses can be confident that their data is being handled to the highest security standards.
Evolving to Meet Demand
HIPAA has been increasingly gaining strength and fines are reaching an all-time high – upwards of $4 million in some cases. With the leading causes of data breaches being unauthorized access/disclosure, theft and hacking/IT incidents, companies that handle PHI are paying closer attention to data security at all levels.
Healthcare providers in particular have been adopters of virtual desktop technology almost from the beginning. They recognized the level of security, flexibility, management centralization and agility that VDI can provide. But to confidently adopt this competitive advantage, they need to be sure they’re not compromising data and PHI security. Dizzion is committed to meeting all these requirements with compliant end user computing in the form of secure cloud delivered desktops.
With the way business is evolving in a global and broad reaching way, it’s rare that companies are not held to some type of security or compliance standard. Whether from the government like HIPAA, the private financial sector like PCI or even directly from the customers companies serve, there are requirements to meet. We want to be the leader in this regard and be the first company of our kind to take extra steps to help our customers be successful.
Contact Dizzion to learn more about our HIPAA compliant cloud delivered desktops.