Your IT Guy has enough on his plate without being the HIPAA

Document Sample
Your IT Guy has enough on his plate without being the HIPAA Powered By Docstoc
					Rethinking IT

W H I T E P A P E R

Your IT Guy has Enough on His Plate Without Being the HIPAA Police
The KBOX HIPAA Approach

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

TABLE OF CONTENTS

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach
HIPAA Security Rule Overview..................................................................... 3 The HIPAA Security Rule, Why Do I Care?.................................................... 3 Okay, I Get It. But the Security Rule deadline has passed and we have safeguards in place. Really we do............................................................... 4 Risks, Vulnerabilities, and IT Pain Points for HIPAA Security Rule Compliance ............................................................................................... 5 KBOX Capabilities & the HIPAA Security Rule................................................ 6 Conclusion................................................................................................14 The KACE for KBOX...................................................................................15

Copyright © 2006 KACE Networks, Inc. All rights reserved.

2

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

HIPAA Security Rule Overview
The compliance deadlines for the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Security Rule have come and gone. The deadline was April 21, 2005 for all covered entities, except small health plans which had until April 21, 2006, to comply. While the HIPAA Privacy Rule covers protected health information (PHI) in all forms, the HIPAA Security Rule specifically applies only to PHI that is maintained, transformed, or transmitted in electronic form (e-PHI). The Security Rule is intended to ensure that covered entities meet the following objectives: Ensure the confidentiality, integrity and availability of all EPHI that the entity creates, receives, maintains, or transmits; Protect against any reasonably anticipated threats or hazards to the security or integrity of such information; Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the Privacy Rule; and Ensure compliance by the entity's workforce. The Security Rule presents major challenges for virtually every covered entity in the HIPAA environment, no matter how big or how small. Covered entities include health plans, health care clearinghouses, and healthcare providers. In addition, business partners and associates who interact with covered entities are forced to deal with the same security issues as covered entities. Savvy IT professionals know all too well the amount of work they face in supporting HIPAA compliance. And your IT guys have enough on their plates without assuming the role of HIPAA police. But when faced with a challenge, they also appreciate that adding technologies for HIPPA Security Rule compliance is an opportunity to make improvements in overall IT security that increase the organization’s bottom-line. It gives you a unique opportunity to see how you can improve IT services, address business process issues, bolster systems performance and increase uptime of your infrastructure. IT professionals today must look to new challenges, such as HIPAA, as opportunities to leverage existing technologies — not only to achieve compliance, but to add more value to the overall business. KBOX™ IT Management Suite by KACE™ can help you fulfill your HIPAA Security Rule requirements and improve overall control and performance of your IT infrastructure. KBOX uniquely supports IT teams in their HIPAA Security Rule efforts with an easy-to-use, comprehensive, and affordable solution. This solution addresses a wide range of “Required” and “Addressable” technical, physical, and administrative safeguards mandated by the HIPAA Security Rule.

The HIPAA Security Rule, Why Do I Care?
Criminal penalties for HIPAA violations can include fines of up to $250,000 and 10 years in prison for the most serious of violations. Protecting patient information is serious business. You don’t have to go further than recent headlines to know why you should care about the HIPAA Security Rule. In May 2006, the Department of Veterans Affairs (VA) learned that an employee, a data analyst, took home electronic data from VA that was stored in his home on a laptop computer and external hard drive. He was not authorized to take this data home. Do you want to hear about an e-PHI security breach at your organization on the 11 o’clock news?
Copyright © 2006 KACE Networks, Inc. All rights reserved.

3

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

The Federal government has received more than 13,000 complaints of violations of the privacy standards in the last two years; however, they have been slow to prosecute under the Act. The government hasn’t imposed any civil fines…..yet. But it has secured at least one criminal conviction: A Seattle man pleaded guilty in August 2005 to wrongful disclosure of personal health information. He confessed to improperly obtaining a patient's name, birth date and Social Security account number while working for a consortium of cancer hospitals, and then using the information to obtain four credit cards in the patient's name. With the fraudulently-obtained cards, he bought more than $9,000 worth of video games, jewelry, porcelain figurines, groceries, gasoline and other items for his use. He was sentenced to 16 months in prison.

“You know you’re having a bad IT day when you hear about your e-PHI security breach on the 11 o’clock news.”

The stakes are clearly high. And it won’t be long before more prosecutions are undertaken. The Seattle man took the heat for a cancer hospital consortium’s security failure. However, the tide of responsibility shifted in June of 2006 when an authoritative new ruling by the Justice Department sharply limited the government's ability to prosecute people for criminal HIPAA violations. In its ruling, the Justice Department said that criminal penalties should apply to insurers, doctors, hospitals and other providers — but not necessarily to their employees or outsiders who steal personal health data. What does this mean for your organization? In short, the Department said that people who work for an entity covered by HIPAA are not automatically covered by that law and may not be subject to its criminal penalties. But the insurer, doctor, hospital, or other provider that you work for can be prosecuted and filed. Someone is going to pay for HIPAA violations.

Okay, I Get It. But the Security Rule deadline has passed and we have safeguards in place. Really we do.
The Security Rule deadlines have come and gone. In January of 2006, Phoenix Health Systems and the Healthcare Information and Management Systems Society (HIMSS) conducted a survey of 324 healthcare industry providers and payers. 55% of healthcare providers reported that they are now compliant with Security standards, and 72% of Payers are reportedly compliant. The majority of non-compliant organizations projected full implementation of Security standards within 6 months; however, this group predicted a similar timeline in a similar survey conducted in the Summer of 2005.

Copyright © 2006 KACE Networks, Inc. All rights reserved.

4

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Source: Phoenix Health Systems & HIMSS
Respondents report that data security incidents continue to plague at least 33% of Providers and Payers. You may have addressed the “Required” Security Rule specifications, but what about those “Addressable” specifications? "Addressable" specifications cannot be ignored or dismissed summarily. Covered entities must carefully document their decisions to forego adoption of addressable specifications, consistent with the Rule's criteria, as part of their Security Rule assessment process. So, the bottom line is that if you haven’t addressed all specifications, you may have to answer to Federal regulators or opposing counsel in court as to why you haven’t. Have you addressed all specifications – both “Required” and “Addressable” – and their related risks and vulnerabilities? Have your IT & compliance teams continued to assess your Security Rule compliance on an ongoing basis since meeting the deadline?

Risks, Vulnerabilities, and IT Pain Points for HIPAA Security Rule Compliance
How is HIPAA Security Rule compliance impacting your IT department? Consider the size of your IT organization and assess your security risks. How many assets are you responsible for and where are they? What potential e-PHI vulnerabilities are present in your security schema, your application dependencies, and your people? Risk is a scary proposition and the stakes in HIPAA compliance are high. IT should be looking at some specific pain points that, if managed well, could help minimize security risk and put in place controls to be used in HIPAA Security Rule compliance initiatives.

“All it takes is one disgruntled employee to spark a Federal HIPAA compliance probe.”

Your business must continue to run while IT addresses ongoing HIPAA compliance challenges. Prioritizing the resources required to address HIPAA Security Rule compliance, while still meeting day-to-day IT requests, can be daunting. IT must assess every decision made and pinpoint how it affects HIPAA compliance. This level of detail adds a potentially huge amount of work to the IT teams planning, resource commitment and fulfillment capabilities.

Copyright © 2006 KACE Networks, Inc. All rights reserved.

5

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

KBOX Capabilities & the HIPAA Security Rule
To help IT managers, KACE has studied the ramifications of the HIPAA Security Rule, the IT security challenges mandated therein, and the potential technologies needed to address those challenges. KACE addresses many of the specifications set forth in the final HIPAA Security Rule. Table 1, “KBOX Capabilities & the HIPAA Security Rule,” maps KBOX capabilities to the corresponding HIPAA Administrative, Physical, and Technical Safeguards. For each key challenge set forth in the HIPAA Security Rule, KACE has identified KBOX features that help your organization not only satisfy compliance requirements, but reduce risk across your enterprise. How many of the “Required” and “Addressable” HIPAA Security Rule specifications have been addressed in your organization? How many different technologies are involved and from how many vendors? Is your HIPAA Security Rule compliance initiative operating efficiently as part of your overall IT function? How confident are you in your HIPAA Security Rule efforts?

Table 1 - KBOX Capabilities & the HIPAA Security Rule
Implementation Specifications Standards/Sections
Security Management Process 164.308(a)(1) (R)=Required, (A)=Addressable

Potential Risks/Vulnerabilities
Ineffective policy and procedure to prevent, detect, contain, and correct security violations

KBOX Capabilities
Complete hardware and software inventory across the network Network security scan and device discovery Security vulnerability scanning LOG history of updates and patches Audit and reporting

Administrative Safeguards
Risk Analysis (R) Risk Management (R) Sanction Policy (R) Information System Activity Review (R)

Assigned Security Responsibility 164.308(a)(2)

(R)

Assigned security official's responsibilities not appropriately documented and understood by the organization Failure to assign a security official and verifying the responsibilities are being carried out Failure to recognize the qualifications and expertise needed by a Security Official Unauthorized or inappropriate access to e-PHI due to ineffective access, authorization and/or supervision procedures Ineffective clearance procedures prior to granting access to e-PHI

KBOX can aid in the process by enforcing centralized system administration

Workforce Security Responsibility 164.308(a)(3)

Authorization and/or Supervision (A)

Security audit for administrative accounts and access USB storage, FOB device blocking Custom access policies

Workforce Clearance Procedure (A)

Copyright © 2006 KACE Networks, Inc. All rights reserved.

6

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Implementation Specifications Standards/Sections

(R)=Required, (A)=Addressable Termination Procedures (A)

Potential Risks/Vulnerabilities
Continued access by terminated workforce members resulting in unauthorized access to e-PHI or locations where e-PHI can be accessed due to ineffective procedures for revoking access at time of termination. For example, notification, monitoring of unused accounts, payroll comparison report Unauthorized or inappropriate access to e-PHI due to ineffective policies and procedures that protect the e-PHI of the clearinghouse from unauthorized access by the larger organization. Unauthorized or inappropriate access to e-PHI due to ineffective policies and procedures relating to access authorization

KBOX Capabilities
Lockdown scripting upon termination

Information Access Management 164.308(a)(4)

Isolating Healthcare Clearinghouse Function (R)

KBOX can aid in the process by searching for and removing local documents not adhering to e-PHI policies System audits to maintain proper machine permissions Remove need for local administrative access on desktops but still provide users with access to do their jobs in a controlled environment Remove need for local administrative access on desktops but still provide users with access to do their jobs in a controlled environment

Access Authorization (A)

Access Establishment & Modification (A)

Inability to perform required job functions or inappropriate access due to failure to implement protocol to assign appropriate access for users to perform their jobs Inability to perform required job functions or inappropriate access due to failure to have policies and procedures requiring periodic review and modification of user access Reduction in security effectiveness and non-compliance with the Security Rule due to Ineffective security awareness reminders Damage from malicious code due to ineffective training program on malicious software

Security Awareness & Training 164.308(a)(5)

Security Reminders (A)

File synchronization and alerting to keep staff updated on HIPAA change

Protection from Malicious Software (A)

Security vulnerability scanning Automated patch management Block and uninstall prohibited applications

Log-in Monitoring (A)

Unauthorized access goes undetected and unreported due to ineffective training on log-in monitoring and reporting procedures

Track login history and capture and store security event logs

Copyright © 2006 KACE Networks, Inc. All rights reserved.

7

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Implementation Specifications Standards/Sections

(R)=Required, (A)=Addressable Password Management (A)

Potential Risks/Vulnerabilities
Unauthorized access to e-PHI due to ineffective training on password management. (Password strength, expiration, sharing passwords, shouldersurfing, etc.) Elevated risk of; disclosure, modification, loss/destruction/ interruption, delay in response and reporting due to ineffective policy and procedure for addressing security incident Elevated risk of; disclosure, modification, loss/destruction/ interruption, delay in response and reporting due to due to lack of properly trained incident response team Ineffective process for security incident response and reporting. Include the following: mechanism for training, defining security incident, reporting incident, logging and responding Security Incident continues unmitigated due to failure to report Security Incident to Response Team Long-term mitigation may not be implemented due to failure to appropriately report Response Team findings Delay in restoration efforts, increased costs, productivity issues, quality of care issues due to lack of policies & procedures to implement an effective backup plan Data not available, possible loss of confidentiality due to Ineffective policies and procedures for responding to an emergency or other occurrence affecting e-PHI Items to consider in a data backup plan: frequency of backups, what should be backed up, methods to retrieve, testing, training, human resource coverage, retention, physical storage (offsite), media reliability, media handling (loss/theft) Delay or inability to restore business operations because disaster recovery plan is incomplete or lacks sufficient detail Examples: Knowledgeable staff. Backup data available, password availability, hardware software availability, recovery time and process

KBOX Capabilities
Enforce local system passwords and accounts

Security Incident Procedures 164.308(a)(6)

Response & Reporting (R)

Complete hardware and software asset tracking, cradle to grave Reporting on those assets Real-time alerts of asset status

Contingency Plan 164.308(a)(7)

Data Backup Plan (R)

Monitoring and reporting that data backup processes are being executed

Disaster Recovery Plan (R)

Manage software profiles for specific users and types of users to quickly reconfigure and redeploy existing or new systems

Copyright © 2006 KACE Networks, Inc. All rights reserved.

8

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Implementation Specifications Standards/Sections
(R)=Required, (A)=Addressable Emergency Mode Operation Plan (R)

Potential Risks/Vulnerabilities
Unauthorized access to e-PHI due to failure to establish policies and procedures to protect the security of e-PHI while operating in emergency mode. Include: who should activate the emergency mode status/announcement, ensure staff availability to monitor security Ineffective contingency plan and unprepared workforce due to ineffective procedure for testing and revision of contingency plans. For example, testing critical functionality, incomplete or out of date plan Applications and data critical to contingency plans are overlooked resulting in an ineffective contingency plan because criticality analysis has not been effectively completed. For example, system modifications not documented, hardware not available, etc. Appropriate security safeguards may not be in place because no evaluation protocol documented in the organization's policies and procedures for implementation of environmental or operational changes. (Protocol to include, accountability, frequency, reporting, mitigation, etc.) Out of compliance with the requirements of the security rule. Business associates may not protect e-PHI appropriately due to contract not defining the necessary items due to lack of an effective monitoring program/system to ensure business associate agreements are completed and complied with Business associate agreements are in place, but have not been updated to reflect the language required by the HIPAA Security Rule

KBOX Capabilities
Quarantine one or more machines Broadcast alerts for emergencies like weather and other disasters

Testing & Revision Procedure (A)

Monitoring and reporting on testing of backup and other critical procedures

Applications & Data Criticality Analysis (A)

Enforce consistent operating system and application configuration Eliminate configuration drift

Evaluation 164.308(a)(8)

(R)

Analyze and report on security safeguard list Security vulnerability scanning Data access reporting System configuration report

Business Associate Contracts and Other Arrangement 164.308(a)(8)(b)(1)

Written Contract or Other Arrangement (R)

Network scan and device discovery can report on contractor access and deploy KBOX client to contractor systems Secure access on contractor systems can enforce HIPPA compliance

Copyright © 2006 KACE Networks, Inc. All rights reserved.

9

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Implementation Specifications Standards/Sections Physical Safeguards
Facility Access Controls 164.310(a)(1) Contingency Operations (A) (R)=Required, (A)=Addressable

Potential Risks/Vulnerabilities
Improperly controlled physical access to systems containing e-PHI resulting in unauthorized due to ineffective plan to access facility during emergency or disaster. (Point person, contact list available, alternate means of access, etc.) Improperly controlled access to computer systems Improperly controlled access within facility Inability to implement necessary contingency or access systems Unauthorized or improper access to devices which contain ePHI due to insufficient policies and procedures in place to regulate security on the storage and usage of logins and passwords Unauthorized or improper access to devices which contain ePHI due to insufficient policies and procedures in place to assure that workstations are logged off appropriately or screensaver locks are used Unauthorized or improper access to devices which contain ePHI due to: Insufficient policies and procedures in place to disallow physical access by unauthorized persons Insufficient policies and procedures in place to control physical access to workstations in both private work areas and in public areas Insufficient policies and procedures in place to govern proper placement and/or positioning of devices on which e-PHI may be viewed or accessed Insufficient policies and procedures in place to govern the physical security of mobile devices and media containing e-PHI

KBOX Capabilities
On disposal of designated systems, KBOX can remove any applications that could contain or allow access to e-PHI

Facility Security Plan (A) Access Control & Validation Procedures (A) Maintenance Records (A) Workstation Use 164.310(b) (R)

Security vulnerability scanning Password permission enforcement Automatic patching of operating systems and critical software Enforce security policies such as firewall and antivirus configuration settings Enforce consistent application configuration Automated policy management & enforcement Limit/ remove/report on local accounts and privileges Lockdown of read and write access to all removable storage media Track all computer hardware Lockdown or data destruction enforcement

Workstation Security 164.310(c)

(R)

Copyright © 2006 KACE Networks, Inc. All rights reserved.

10

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Implementation Specifications Standards/Sections
Device & Media Controls 164.310(d)(1) (R)=Required, (A)=Addressable Disposal (R)

Potential Risks/Vulnerabilities
Unauthorized or improper access to devices or media which contain e-PHI due to unauthorized or improper access to devices or media which contain e-PHI because of ineffective policies and procedures that govern the receipt and removal of hardware and electronic media that contain e-PHI into and out of a facility and the movement of these items within the facility Unauthorized or improper access to devices or media which contain e-PHI due to unauthorized or improper access to devices or media which contain e-PHI due to insufficient policies and procedures in place for the proper disposal, removal or destruction of media whether using internal methods or contracting with an external source

KBOX Capabilities
Automatic data destruction at disposal of asset

Media Re-use (R)

Accountability (A)

Unauthorized or improper access to devices which contain ePHI Unauthorized or improper access to devices which contain ePHI due to unauthorized or improper access to devices which contain e-PHI. (For example, lost or stolen equipment) due to insufficient policies and procedures in place to address the movement of hardware and electronic devices Loss or damage to e-PHI due to failure to back-up data prior to moving equipment as per policy and procedure

Computer inventory audit and reports including missing machines Destruction of data or disabling of machine if machine is determined to be outside of an organization’s network

Data Backup & Storage (A)

Verify that backups have taken place

Copyright © 2006 KACE Networks, Inc. All rights reserved.

11

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Implementation Specifications Standards/Sections Technical Safeguards
Access Control 164.312(a)(1) Unique User Identification (R) (R)=Required, (A)=Addressable

Potential Risks/Vulnerabilities
Inability to comply with the minimum necessary requirement within the Privacy Rule due to ineffective policy and procedure for electronic information systems that maintain e-PHI to allow access only to those person or software programs that have been granted access rights as specified in 164.308(a)(4) Loss of audit ability and accountability due to ineffective user account management policies and procedures Loss of audit ability and accountability because software without unique ID tracking ability

KBOX Capabilities
Maintain machine-touser application relationships, audit for access, and deliver alerts

Emergency Access Procedure (R)

Unable to access e-PHI in an emergency situation (personnel related) due to ineffective policy and/or procedure in place to allow alternative user access Unable to access e-PHI in an emergency situation (technology failure) because technology failure interrupts access control systems to e-PHI

Security override through resetting of local accounts Easily repurpose any machine to mitigate technology failure with application deployment and configuration management

Automatic Logoff (A)

e-PHI may be disclosed to unauthorized personnel or to external actors due to open access caused by unattended workstations or devices without auto-log-off Unauthorized users access ePHI while because "Data at rest" stored in clear, discernable text Unauthorized or unusual activity goes undetected because effective monitoring/examining protocol not in place or systems containing e-PHI do not have audit capability

Enforce policy for unattended workstations

Encryption & Decryption (A)

Audit Controls 164.312(b)

(R)

logs

Audit firewall logs Review various server

Perform periodic spot check audit/scans on local drives to verify that storage of data files containing ePHI does not exist on the local drives of workstations

Copyright © 2006 KACE Networks, Inc. All rights reserved.

12

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

Standards/Sections
Integrity 164.313(c)(1)

(R)=Required, (A)=Addressable Mechanism to Authenticate Electronic PHI (A)

Implementation Specifications

Potential Risks/Vulnerabilities
Exposure, alteration, destruction of e-PHI, loss of productivity, system failure, etc. due to: Lack of or outdated virus protection systems Inappropriate alteration or destruction to e-PHI go undetected because systems containing e-PHI do not have mechanisms to ensure integrity

KBOX Capabilities
Anti-virus and firewall policy enforcement Automatic patching of operating systems and critical software

Person or Entity Authorization 164.312(d)

(R)

Access to e-PHI system by unauthorized users because systems containing e-PHI do not have mechanisms to allow user authentication Unauthorized access to e-PHI during transmission process Unauthorized intrusion and capture of e-PHI through transmission vehicles

Enforce, configure, and audit local system accounts

Transmission Security 164.312(e)(1)

Integrity Controls (A) Encryption (A)

For security policy enforcement, KBOX uses pre-packaged audit templates to ensure that security policies are strictly controlled. To take the security policy enforcement needs of the Security Rule one-step further, KBOX adds the ability to scan and detect malicious software or configurations and it provides automatic remediation to return systems to an approved configuration state while reporting on the policy breakdown. KBOX remediation can include patching, configuration and security management through scripting, and software distribution. HIPAA adds levels of accountability to all departments in your organization. KBOX addresses accountability requirements for many Security Rule Specifications by providing inventory, secure storage, and remote control capabilities. KBOX can auto-discover and inventory all hardware on your network. For managed nodes, it can also inventory all software; perform a full software license audit; and report on any added, removed, or modified hardware or software on your network. KBOX’s secure storage features ensure that only those with appropriate permissions can view, add, modify, or delete e-PHI-related system and data files. KBOX’s remote control feature can be used proactively to address help desk issues for HIPAA, allowing your help desk team to quickly resolve problems and meet compliance requirements. KBOX remote control can also be used to take control of an end-user system to stop policy violations, access violations, or attempts at malicious destruction. KBOX addresses change control by providing complete inventory, policy definition and enforcement, reporting, and access controls. KBOX’s software deployment features can be used to deploy applications and updates without having to give out administrator privileges. This prevents individuals or groups from installing unsanctioned software themselves and ensures that the responsibility for what is installed on the organization’s desktops rests solely with IT. However, to allow for greater efficiency and user satisfaction, a self-service user portal allows individual users to install software that has been sanctioned by IT.

Copyright © 2006 KACE Networks, Inc. All rights reserved.

13

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

KBOX’s out-of-the-box reports provide information on the security of your network and the e-PHI data. KBOX’s reporting features also provide support for ODBC third-party tools to analyze KBOX data and audit trails. Additionally, KBOX’s security vulnerability audit capabilities provide scans of individual network nodes or components, groups of nodes, or all nodes on the network. This scan can then be used for HIPAA auditing to identify security vulnerabilities.

Conclusion
Covered healthcare entities of all sizes and their partners should be looking to ensure the security of patient information and systems. With IT budgets constrained, companies should first explore reuse of existing technologies wherever possible. They should target additional spending only on technology that directly addresses specific HIPAA Security Rule compliance initiatives. KBOX is uniquely positioned to directly address many of the Security Rule specifications, giving your IT team time to do what they do best – make your business run smoother.

Copyright © 2006 KACE Networks, Inc. All rights reserved.

14

Your IT Guy Has Enough on His Plate Without Being the HIPAA Police The KBOX HIPAA Approach

The KACE for KBOX
KBOX™ IT Management Suite by KACE™ offers a great deal of functional breadth in a single, plugand-play appliance. The functional characteristics of the solution support the entire lifecycle of network and remote desktop and server management. The KBOX IT Management Suite comes prepackaged in a single appliance and provides the following capabilities: • • • • • • • • • • Inventory and Audit Remote Control Software Deployment and Update Patch Management License Management Policy and Configuration Management Security Vulnerability Assessment and Remediation Reporting and IT Alerting/Messaging Help Desk And more…

Copyright © 2006 KACE Networks, Inc. All rights reserved.

15

Rethinking IT

Corporate Background
KACE, a privately-held technology company, is the leader in IT automation appliances. The KBOX™ by KACE product line delivers easy-to-use, comprehensive IT automation appliances that are affordable and really work. KACE is headquartered in Mountain View, California, and has offices in Charlotte, North Carolina and Chicago, Illinois. To learn more about KACE and its product offerings, please visit www.kace.com or call 1-888-522-3638.

Corporate Headquarters
1616 North Shoreline Blvd Suite B Mountain View, California 94043 (888) 522-3638 office for all inquiries (650) 649-1806 fax

Email & Web
Sales and partnering: sales@kace.com Support: support@kace.com Other Information: info@kace.com On the Web: http://www.kace.com

Copyright © 2006 KACE Networks, Inc. All rights reserved.

16


				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:79
posted:4/18/2008
language:English
pages:16