HIPAA Compliant Architecture

We serve many customers in fields governed by federal HIPAA compliance, including hospitals, doctors' offices, banks, and legal entities. The OutReach Anywhere service is designed to meet strict security standards, which allows HIPAA-regulated entities to meet the regulatory guidelines set forth by HIPAA. We address the HIPAA guidelines according to the following criteria:

Access Controls

  • Define permission-based access on a granular level (such as permitting some technicians with remote view only, but not remote control; or some technicians with no file transfer rights)
  • No data from remote PCs is stored on Twisted Networx' data center servers (only session and chat data are stored). In addition, chat text logs can be removed from session details.
  • Permissions can be set so that technicians do not have file transfer rights, eliminating their ability to take files from remote PCs.
  • The end user must be present at the remote machine and must permit remote access
  • The end user maintains control and can terminate the session at any time
  • Permissions can be set so that the end user must explicitly allow a technician to use specific functions (remote control, desktop view, file transfer, system information, and reboot & reconnect)
  • Access rights are automatically revoked when the session is terminated
  • A predetermined time of inactivity forces automatic logoff
  • Hosted at leading, redundant, carrier-grade data centers with restricted, secured access

Audit Controls

  • Option for forced session recording, with the ability to store audit files on a secure network share
  • Technician sessions and remote session activity are logged on the host computer to ensure security and maintain quality control (successful logins, unsuccessful logins, remote control started, remote control ended, reboot initiated, logout)

Person or Entity Authentication

  • The technician's identity is defined by a unique email address, or via an SSO ID, and the technician must be authenticated
  • An excessive number of unsuccessful login attempts (five unsuccessful attempts) will lock the account
  • IP address restrictions limit technician access to only the specified IP addresses.

Transmission Security

  • End-to-end 256-bit SSL encryption of all data
  • MD5 hash for enhanced traceability of file transfers