Security Compliance Form

This information security review form is designed to help ensure you meet the requirements for accessing electronic protected health information (ePHI) on your device. Please carefully review each section and mark whether your system is in compliance with the policy, or whether you need additional assistance with configuration. BeamReaders reserves the right to audit devices accessing ePHI at any time.

SECURITY PROTOCOLS

Providers are only allowed to access BeamReaders resources from computer devices that meet these requirements, and work devices should not be used for personal activity. If you are unsure whether a device meets these requirements, do not access BeamReaders resources from the device until it has been reviewed and confirmed to meet them.

Please review each of the sections below. If you are confident that your systems meet the requirements, select "Confirm". Otherwise, select "Need Assistance".

1. Review the existing local security accounts on the computer to ensure:

  a. No rogue (unexpected) user accounts are present
  b. The Guest account (if present) is disabled
  c. The 'Administrators' group contains only accounts that should have administrator-level access
  d. The built-in Administrator account (if present) has a password compliant with the BeamReaders password standards (explained below)
  e. The user account(s) used by the Provider have passwords compliant with the BeamReaders password standards (explained below)

2. Ensure the local account lockout policy is set to prevent a brute force attack.

a. Account lockout is often not enforced by default. Review the local security policy (Account Lockout Policy) and set the lockout threshold so that the account locks after five (5) failed login attempts.

b. The lockout duration may be set so that the account unlocks automatically after 30 minutes.

3. Set the system to automatically lock the console after 5 minutes of inactivity.

a. The purpose is to automatically lock (not log out) the current Windows session after a period of inactivity (e.g., when the radiologist has stepped away from the computer). Set the timeout to no more than 5 minutes.

b. The user's password is required to unlock the session.

4. Confirm the system is setup to automatically require the user’s password when the computer is woken up from sleep or hibernation modes or startup.

Confirm that the operating system is configured to require a username and password at startup and on wake from sleep or hibernation, and that the password is not stored in any manner that allows the system to log in automatically without manual entry. Face ID or Touch ID are considered equivalent to entering a password credential. Delete any stored credentials (for example, an automatic logon setting) if found.

5. Confirm that the web browser(s) used to access the BeamReaders portal do not have the Provider’s credentials stored allowing it to be logged in without having to manually enter the password.

  a. Stored credentials, while convenient, defeat the portal's security if someone gains access to the device.
  b. Delete the stored credentials if found.

6. Confirm that the built-in Firewall is enabled.

  a. The only exception is a third-party security suite that has replaced it with an equivalent or better firewall that is active and enabled.

7. Confirm that the device's drive is encrypted.

a. Verify that drive encryption is enabled and make a record of this. Record the date of inspection, who performed the inspection, and the serial number/identifier of the device. The record should also state the type of encryption enabled (e.g., BitLocker, FileVault). The record should be stored somewhere other than on this device.

b. Modern versions of Windows include Microsoft's BitLocker drive encryption (Pro, Enterprise and Education editions; Home editions offer only the more limited Device Encryption on supported hardware). Do not assume it is on: confirm that encryption is enabled for the system drive, and store the BitLocker recovery key somewhere other than on the same device. It is REALLY important that you keep a copy of this key someplace safe, since without it the data cannot be recovered if the device fails to boot.

c. macOS (Mac OS X 10.7 Lion and later) includes FileVault. It is disabled by default and must be enabled by the user. FileVault lets you store the recovery information in iCloud or create a separate recovery key. It is REALLY important that you keep a copy of this key someplace safe.

8. Review the system for Remote Access applications and remove them.

a. Many applications, such as LogMeIn, GoToMyPC, Join.me and Microsoft Remote Desktop, exist to allow remote access to a PC.

b. Each of these represents a potential attack vector: anyone who obtains the remote-access credentials, or who exploits a flaw in the tool, gains the same access to the device and its ePHI as the Provider.

c. Remote access applications should never be installed on your work machine. Remove any that are found.

9. The operating system must be one still under active support by its vendor.

  a. Windows XP, Vista and 7, as well as Windows 8.1 (support ended January 2023), are no longer supported by Microsoft and therefore are not acceptable for accessing BeamReaders resources.

10. Internet Connectivity.

  a. Public WiFi (e.g., coffee shops, hotel rooms) is high risk and should be avoided. If a situation requires you to connect to public WiFi, you must use a virtual private network (VPN).
  b. Review the saved network connections on the device and remove any unsecured (open) network that is set to connect automatically.
  c. Make sure that your home WiFi router uses WPA2 (or WPA3) security with a strong, unique passphrase, and that its administrative password has been changed from the factory default.

11. Disable Bluetooth if not typically in use.

Computers with Microsoft Windows Operating Systems: Additional Requirements

12. Confirm that antivirus software is installed and active.

a. The antivirus program should be from an established, well-known provider. Examples are Symantec, Norton, ESET, Webroot, Trend Micro, Microsoft, etc.
b. Ensure that it is set to automatically update its virus signatures.
c. Ensure that the virus signatures are up to date.
d. Ensure that real-time scanning is enabled.
e. Ensure that the system performs a full system scan at least weekly.
f. Review the quarantine and logs for any sign of virus activity and take appropriate measures to ensure the computer is virus free.

13. The Windows operating system must be fully patched with all available Microsoft security updates.

  a. Ensure that automatic Windows Updates are enabled and set to install automatically, at least weekly.
  b. Manually run Windows Update and verify that there are no pending updates.
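As an added example that is not part of the BeamReaders form, the following PowerShell script checks the Windows items above that can be read from the system (1, 2, 3, 4, 6, 7, 8, 9, 12 and 13; items 5, 10 and 11 remain manual) without changing anything, and writes the record that the Record Keeping section asks for. The network path `$RecordDir`, the extended list of remote-access product names, and the 3-day signature-age and 7-day scan-age thresholds are assumptions for the example, not requirements taken from the form.

```powershell
# Added example (not BeamReaders' own tooling): read-only audit of the Windows checklist.
# Run from an elevated PowerShell 5.1+ prompt. Reports PASS / FAIL / REVIEW per item and
# writes the compliance record. $RecordDir is an assumed path; use the location BeamReaders provides.
param([string]$RecordDir = "\\fileserver\ephi-compliance")

$results = New-Object System.Collections.Generic.List[object]
function Add-Result([string]$Item, [string]$Status, [string]$Detail) {
    $results.Add([pscustomobject]@{ Item = $Item; Status = $Status; Detail = $Detail })
}
function Test-Flag([bool]$Pass) { if ($Pass) { 'PASS' } else { 'FAIL' } }

# 1. Local accounts: list enabled users and Administrators for manual review; Guest must be disabled.
$users = Get-LocalUser
Add-Result '1a/1e Enabled local accounts (review)' 'REVIEW' (($users | Where-Object Enabled).Name -join ', ')
$guest = $users | Where-Object { $_.SID.Value -like '*-501' }      # RID 501 is the built-in Guest
Add-Result '1b Guest disabled' (Test-Flag (-not $guest -or -not $guest.Enabled)) "Guest present: $([bool]$guest)"
Add-Result '1c Administrators members (review)' 'REVIEW' ((Get-LocalGroupMember -Group 'Administrators').Name -join ', ')

# 2. Lockout policy: threshold of 1-5 failed attempts ("Never" means no lockout at all).
$na = net accounts
$threshold = ($na | Select-String 'Lockout threshold').Line.Split(':')[1].Trim()
$duration  = ($na | Select-String 'Lockout duration').Line.Split(':')[1].Trim()
$thrOk = ($threshold -match '^\d+$') -and ([int]$threshold -ge 1) -and ([int]$threshold -le 5)
Add-Result '2 Account lockout after <= 5 attempts' (Test-Flag $thrOk) "threshold=$threshold duration=$duration min"

# 3. Console lock within 5 minutes: machine inactivity policy, or a password-protected screensaver.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
$ss  = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
$lockOk = ($pol.InactivityTimeoutSecs -gt 0 -and $pol.InactivityTimeoutSecs -le 300) -or
          ($ss.ScreenSaveActive -eq '1' -and $ss.ScreenSaverIsSecure -eq '1' -and $ss.ScreenSaveTimeOut -and [int]$ss.ScreenSaveTimeOut -le 300)
Add-Result '3 Lock after <= 5 min idle' (Test-Flag $lockOk) "InactivityTimeoutSecs=$($pol.InactivityTimeoutSecs) ScreenSaveTimeOut=$($ss.ScreenSaveTimeOut)"

# 4. No automatic logon: Winlogon must not auto-logon or hold a plaintext DefaultPassword.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Add-Result '4 No stored logon credential' (Test-Flag (($wl.AutoAdminLogon -ne '1') -and (-not $wl.DefaultPassword))) "AutoAdminLogon=$($wl.AutoAdminLogon)"

# 6. Firewall enabled on every profile (Domain, Private, Public).
$fwOff = (Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }).Name
Add-Result '6 Firewall enabled (all profiles)' (Test-Flag (-not $fwOff)) "disabled profiles: $($fwOff -join ', ')"

# 7. System drive encryption. The cmdlet is absent on Home editions (Device Encryption only).
try {
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Result '7 System drive encrypted' (Test-Flag ($bl.ProtectionStatus -eq 'On')) "ProtectionStatus=$($bl.ProtectionStatus) Method=$($bl.EncryptionMethod)"
} catch { Add-Result '7 System drive encrypted' 'REVIEW' 'Get-BitLockerVolume unavailable; check Settings > Device encryption' }

# 8. Remote-access software in the installed-programs registry, plus inbound Remote Desktop state.
$remoteRx = 'LogMeIn|GoToMyPC|join\.me|TeamViewer|AnyDesk|Splashtop|Chrome Remote Desktop'   # extends the form's list (assumption)
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$found = (Get-ItemProperty $uninstall -ErrorAction SilentlyContinue).DisplayName | Where-Object { $_ -match $remoteRx }
Add-Result '8 Remote access apps absent' (Test-Flag (-not $found)) ($found -join ', ')
$rdp = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
Add-Result '8 Inbound Remote Desktop disabled' (Test-Flag ($rdp -eq 1)) "fDenyTSConnections=$rdp"

# 9. Supported OS: Windows 10/11 report NT 10.0; 7 is 6.1 and 8.1 is 6.3. (Windows 10 leaves support 14 Oct 2025.)
$os = Get-CimInstance Win32_OperatingSystem
Add-Result '9 Supported OS' (Test-Flag ([version]$os.Version -ge [version]'10.0')) "$($os.Caption) $($os.Version)"

# 12. Antivirus: products registered with Security Center, plus Defender detail when it is the engine.
$av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
Add-Result '12a Registered AV products' (Test-Flag ([bool]$av)) (($av.displayName) -join ', ')
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $avOk = $mp.RealTimeProtectionEnabled -and $mp.AntivirusSignatureAge -le 3 -and $mp.FullScanAge -le 7   # day thresholds assumed
    Add-Result '12c-e Defender realtime / signatures / weekly scan' (Test-Flag $avOk) "sigAge=$($mp.AntivirusSignatureAge)d fullScanAge=$($mp.FullScanAge)d realtime=$($mp.RealTimeProtectionEnabled)"
} catch { Add-Result '12c-e Defender status' 'REVIEW' 'Get-MpComputerStatus unavailable; check the third-party AV console' }

# 13. Pending updates via the Windows Update Agent COM API (needs network; can take a minute).
try {
    $pending = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
    Add-Result '13 No pending updates' (Test-Flag ($pending.Count -eq 0)) (($pending | ForEach-Object Title) -join '; ')
} catch { Add-Result '13 No pending updates' 'REVIEW' "Update search failed: $($_.Exception.Message)" }

# Record Keeping: who, when, which device (serial), what was found; written off the device.
$reviewer = "$env:USERDOMAIN\$env:USERNAME"; $date = Get-Date -Format 'yyyy-MM-dd'
$serial = (Get-CimInstance Win32_BIOS).SerialNumber
$results | Format-Table -AutoSize
$file = Join-Path $RecordDir ("{0}-{1}-{2}.csv" -f $serial, $env:COMPUTERNAME, $date)
$results | Select-Object @{n='Reviewer';e={$reviewer}}, @{n='Date';e={$date}}, @{n='Serial';e={$serial}}, Item, Status, Detail |
    Export-Csv -Path $file -NoTypeInformation
"Record written to $file"
```

Every FAIL or REVIEW line still needs a human decision: the script cannot tell a rogue account from a legitimate service account, and the CSV it writes is the evidence the six-monthly record requires, not a substitute for the Provider's confirmation.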

Password Standards

BeamReaders recognizes that a key element in protecting the safety of the ePHI is the use of good passwords. Strong passwords should be used for all user accounts for access to your computing devices, and for access to the BeamReaders portal.  

BeamReaders recommends the use of password managers such as 1Password, LastPass or Dashlane. These products require a master password to be typed in to unlock your password library, and encrypt the stored passwords with AES-256. Because the master password protects every other credential, ensure it meets or exceeds the following standard.

1. 12 or more characters

2. Either generated by your password manager (fully random), or composed of 3 or 4 randomly chosen dictionary words or a multi-word sentence

a. Passwords should also include a number, a symbol, and a mix of upper- and lower-case characters.

b. Words should be random and should NOT include any personal information about you, such as family names, pet names, birth dates, addresses or phone numbers.

3. The passwords for your device(s) and for the BeamReaders portal must be UNIQUE. Do not use the same password for both logins, and do not reuse either of them for ANY other account you have anywhere. Unique passwords ensure that a password leaked from one system cannot be used to access another.

Record Keeping

1. BeamReaders requires that you keep records showing that your system and settings meet these requirements. These records need to be updated and refreshed at least every six months. This simple record should include (an example is provided below):

a. What specifically was reviewed and any relevant discovery or adjustments needed to comply with the requirements.

b. Who performed the review

c. The date the review was performed

d. A reference to the device reviewed such as its serial number

2. The records should not be solely contained on the device. Should it fail or be lost or stolen a complete set of the records must still be available. BeamReaders will provide a network location for the storage of these records.

Notification

1. BeamReaders requires that you immediately notify it when any of the following events occur:

a. The device is lost or stolen

b. A virus has infected the system

c. Malware was discovered on the system

d. The system was affected by Ransomware

e. Your device password was revealed

f. Your BeamReaders portal password was revealed

i. If your BeamReaders portal password was revealed use the forgot password setting immediately to reset it

g. Unauthorized access to your device has been detected

h. Any situation where ePHI or BeamReaders access has been compromised

2. The notice should include any relevant information about the event, including whether ePHI or BeamReaders access has been compromised.  

3. Notice should be given within 24 hours of the event. Time is of the essence in these events. Notice shall be provided verbally by phone and in written form by email. Contact the BeamReaders security officer and notify BeamReaders support: phone 916.771.350, email brsupport@beamreaders.com

Non-Compliance

Failure to comply with these security protocols presents a significant security and business risk to BeamReaders. BeamReaders will determine the best course of action to immediately remedy the condition on a case-by-case basis. Actions taken may ultimately include suspension of access to the system and/or termination of the Agreement. Your compliance with the requirements is essential.

System Optimization (optional)

While optimizing your computer system is not required for access to BeamReaders, it is encouraged to be performed at the same time of the security checks to help keep your device in top operating condition.

1. System Monitoring
   a. Review the Windows Event logs for signs of issues and take appropriate action:
      i. Security log for failed login attempts (Event ID 4625).
      ii. System log for indications of hardware failures (e.g., disk and file-system errors).

2. Purging Temp Files
   a. Run CCleaner to find and purge accumulated temp files from the operating system, web browsers and other applications. Download it only from the vendor's official site and check the installer's digital signature: a trojanized CCleaner build was distributed through the vendor's own download channel in 2017.
   b. Run the Windows Disk Cleanup tool (cleanmgr.exe) with the advanced options set to purge additional temp files.

3. Backup
   a. Maintaining a backup of your system is strongly encouraged.
   b. Backups can take many forms, from a full local image using a product like Acronis to an Internet backup of your data only using a product like Carbonite.
   c. All backups must be fully encrypted, and the encryption password should meet the standards above, since an unencrypted backup is a second copy of the ePHI.
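For the log review in item 1 above, the following PowerShell is an added example and not part of the form. It summarizes the last seven days of failed logons (Security Event ID 4625) by account, logon type and source so that a password-guessing pattern stands out, then lists recent disk and file-system errors from the System log. The 7-day window, the 20-event limit and the provider names are choices made for the example.

```powershell
# Added example (not BeamReaders' own tooling). Reading the Security log needs an elevated prompt.
$since = (Get-Date).AddDays(-7)   # review window: assumption for the example

# Event 4625 carries its fields in EventData; pull them out of the XML rather than parsing the message text.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
$rows = foreach ($e in $failed) {
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = "$($d.TargetDomainName)\$($d.TargetUserName)"
        LogonType = $d.LogonType                          # 2 = console, 3 = network, 10 = Remote Desktop
        Source    = $(if ($d.IpAddress -and $d.IpAddress -ne '-') { $d.IpAddress } else { $d.WorkstationName })
        SubStatus = $d.SubStatus                          # 0xC000006A = bad password, 0xC0000064 = no such user
    }
}

# Many failures for one account from one network source (type 3 or 10) is the brute force that
# item 2's lockout policy is meant to stop; a spread of non-existent user names is a password spray.
$rows | Group-Object Account, LogonType, Source | Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Account / LogonType / Source'; e = { $_.Name } },
        @{ n = 'SubStatus'; e = { ($_.Group.SubStatus | Select-Object -Unique) -join ',' } },
        @{ n = 'Last'; e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } } |
    Format-Table -AutoSize

# Hardware indications: critical/error events from the storage stack in the System log.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2; ProviderName = 'disk', 'Ntfs', 'volmgr'; StartTime = $since } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } |
    Format-Table -AutoSize
```

Repeated failures against the Provider's own account from the console are usually mistyped passwords; the same counts from a network address, or against accounts that do not exist on the machine, are what the Notification section's "unauthorized access detected" clause is about and should be reported.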

I agree to notify BeamReaders if I secure a new computer for use with BeamReaders.
