BlogComputer Cyber SecurityHIPAA

Are Chromebooks HIPAA compliant? – Adelia Risk

Should you’re a medical apply, you’re in all probability tempted to offer Chromebooks a attempt.  They’re cheaper than a standard Home windows or Mac pc, they usually’re quite a bit easier and cheaper to take care of.

But are Chromebooks applicable for a medical company?  Can they be used to handle medical knowledge?  Are Chromebooks HIPAA compliant?

We expect they’re, and we’ve shoppers which are using Chromebooks efficiently.

And, sure, they’re saving fairly a bit of money and time over utilizing traditional laptops or desktops.

Chromebooks aren’t right for every firm

It’s worthwhile to proceed rigorously.  Chromebooks usually are not proper for each firm.

In this article, we’ll walk you thru:

  1. Why we consider Chromebooks are HIPAA compliant
  2. How Chromebooks will save you cash over traditional computers
  3. Some things to think about that will help you determine if a Chromebook is true on your follow
  4. How are you going to get help with HIPAA compliant Chromebooks

What’s a Chromebook?

Chromebooks are a kind of pc invented by Google.  They’re nice at doing any activity that you are able to do online — checking your e-mail, shopping the Web, and accessing a cloud-based EMR.  And once you use them with Google’s G Suite, you are able to do phrase processing (like Microsoft Phrase), spreadsheets (like Microsoft Excel), and shows (like Microsoft PowerPoint).

They will also do a lot of the things that different computer systems can do — you should use your personal monitor, your personal mouse, connect it to your printer, and so on.

Because of how they’re constructed, they’re MUCH safer than a standard Mac or Home windows pc.  But extra on that later.

Chromebooks are a LOT cheaper than traditional computers.

You will get a brand new one like this on Amazon for lower than $200.

Even fancier Chromebooks like this one are less than $500.

Additionally, while “Chromebook” is the most typical term that folks use to seek out these computer systems, they’re not simply limited to laptop type.

You can too purchase a “Chrome Box,” which is more like a standard pc…

Or even a “Chromebase,” which is an all-in-one pc with a monitor which you can even use as a touchscreen kiosk.

There are many options.  As we’ll talk about later, though, these Chrome units won’t be applicable for all businesses.  Read on for more info.

How are Chromebooks HIPAA compliant?

Our apologies prematurely — this half gets slightly technical.  Also, a quick disclaimer: We aren’t legal professionals, and this isn’t meant to be authorized recommendation.  In the event you’re crusing into uncharted waters, you may need to evaluation this with a professional HIPAA or privateness compliance lawyer.

Chromebooks are constructed (and work) very in another way from typical Home windows or Mac computer systems.

In our opinion, how they’re constructed makes them a lot safer out-of-the-box than a standard Home windows or Mac pc.

And IF they’re configured correctly, we consider they’re one of the safest ways to deal with medical knowledge.

Let’s discover why, and the way this pertains to HIPAA…

1) Chromebooks and Encryption

For those who’ve spent any time taking a look at HIPAA necessities for computer systems, you’ve undoubtedly come throughout the requirement that each one computer systems that handle PHI ought to be encrypted.

Right here’s how Google explains the best way Chromebooks handle encryption:

When utilizing net apps on a Chromebook, all essential knowledge is stored safely within the cloud. Sure sorts of information, like downloads, cookies, and browser cache information, should be current on the pc. The Chromebook encrypts this knowledge utilizing tamper-resistant hardware, making it very troublesome for anyone to access those information.

This can be a fairly huge deal.  Your patient knowledge and PHI isn’t saved on the actual Chromebook!  It’s all saved encrypted within the cloud.  It’s encrypted at relaxation and encrypted in transit (the 2 huge requirements).

This means in case your Chromebook is ever lost or stolen (and every thing is about up the fitting means), you don’t have to fret about someone else moving into your PHI.

2) Chromebooks and Antivirus

Whether you could have a Mac or a Windows pc, you’d better be utilizing a superb antivirus product.

Actually, most corporations now use TWO antivirus merchandise.  There are so many items of malware out there, no one security company can keep up anymore.

Right here’s the thing — you don’t need antivirus on a Chromebook.  This is due to the best way they are built.

Chromebooks use one thing referred to as “sandboxing,” which principally signifies that even in case you acquired an contaminated net page, the infection can’t unfold.

Here’s how Google explains sandboxing:

On a Chromebook, each net page and software runs in a restricted surroundings referred to as a “sandbox.” If the Chromebook is directed to an infected page, it might’t affect the opposite tabs or apps on the computer, or anything on the machine. The menace is contained.

Furthermore, even when some malware does handle to find a option to sneak onto the machine, Chrome uses a process referred to as “Verified Boot” to put issues again the best way they need to be.  If it detects any modifications to the system, it’s going to routinely restore itself.

three) Chromebooks and System Administration

Speak to any IT firm that sells Home windows computers, and also you’ll get an earful concerning the “proper” method that computer systems have to be configured.

They’ll throw around phrases like “Active Directory” and “Group Policy Objects” that management things like:

  • how long your password must be
  • how complicated your password needs to be
  • how lengthy your pc can sit inactive earlier than it requires a password
  • whether or not you should use USB drives
  • and much more

The wonderful thing about Chromebooks?  All of these settings are inbuilt, and might be updated from the cloud.  The subsequent time a consumer logs in, it mechanically picks up the most recent settings.

four) Chromebooks and Safety Patches

One other huge part of making typical computer systems compliant with HIPAA is making sure that you simply don’t have any vulnerabilities that hackers can use to steal your PHI.

The standard strategy to this is:

  • An IT supplier will sell you a “Remote Monitoring and Management” (RMM) software that may apply patches, and
  • A cybersecurity agency will sell you a “Vulnerability Scanning” software to catch all the vulnerabilities the RMM device misses

Again, Chromebooks make all of this work go away.  Here’s what Google says about updates:

The simplest option to shield towards malware is to ensure all software is up-to-date and has the newest safety fixes. This may be troublesome to manage on conventional operating methods with many software elements from many distributors all with totally different update mechanisms and consumer interfaces. Chromebooks manage updates routinely so Chromebooks are all the time operating the newest and most safe version.

5) Chromebooks and Backups

It’s essential to again your knowledge up in case your computers are misplaced, stolen, or infected with ransomware.

With Chromebooks, your whole knowledge is saved within the cloud.  Backups are automated, and real-time.

6) Chromebooks and Misplaced/Stolen Units

Lost or stolen computer systems are a very common reason for HIPAA knowledge breaches.

As talked about above, your pc needs to be encrypted.

The opposite requirement it is advisable meet is to be sure to have a solution to break the connection between the lost/stolen pc and your PHI.

Once you join a Chromebook to your enterprise account, you get using their “mobile device management” software program.

This means if a computer is ever lost or stolen, you possibly can log into the cloud and sever the connection between your knowledge and the gadget.

The individual with the computer gained’t be capable of get to your knowledge.

So are Chromebooks HIPAA Compliant?

Based mostly on this listing, we consider that they are.  Your knowledge is encrypted always.  You might have strong ways to regulate every endpoint.  The whole lot is backed up.  Every part is mechanically up to date, and viruses are self-corrected.

We consider that Chromebooks are SAFER than conventional Home windows and Mac computer systems.

Will Chromebooks Save You Money?

When in comparison with conventional Windows and Mac computers, Chromebooks will prevent money.

Not solely are they cheaper to purchase, however they get rid of loads of the administration and upkeep prices that go together with typical computers.

Listed here are some examples:

As you possibly can see, this provides as much as a LOT of month-to-month financial savings in comparison with a standard pc.

And best of all, you don’t have to have a server sitting around in your office.

The way to inform if Chromebooks are best for you

As we talked about above, Chromebooks aren’t a great fit for every business.

Even when your organization isn’t a 100% match for Chromebooks, think about a hybrid model.  We now have some shoppers who took this path and still saved a whole lot of money and time.

In a hybrid deployment, most employees members use Chromebooks, and a small group of people (often executives and workplace employees) nonetheless use a standard pc.  That approach, you get the most effective of each worlds.

1) Dangerous Internet connection

In case you have a sluggish Web connection, or if your Web connection commonly goes down, Chromebooks in all probability aren’t the perfect match for what you are promoting.  You’ll be able to work offline on some things (principally in G Suite), nevertheless it’s greatest in case your Web connection is all the time on.

One factor we’d advocate is getting a backup Internet connection in case of an outage.  You should purchase it from a special Web service supplier (ISP), or perhaps even think about cellular hotspots to use in an emergency.

2) Plenty of printing to shared printers

Chromebooks do a fantastic job of printing, and when you’re printing to an area pc (a printer hooked up to your pc), you need to be HIPAA compliant.

Should you’re printing to a shared printer (like an enormous multifunction gadget within the workplace), you may want to make use of Google Cloud Print.  Unfortunately, as of this writing, Google Cloud Print is NOT HIPAA-compliant.  So if you could do plenty of printing, Chromebooks won’t be greatest for you.

Nevertheless, this could be a very good time to move in the direction of being a paperless workplace.  You’ll be able to practice individuals to print information out to a PDF file, after which you possibly can store and share them utilizing Google Drive.

3) An area EMR (or different software program)

A lot of the practices that we meet are doing their charting, billing, and other EMR-related duties in a cloud-hosted EMR.  These work great on Chromebooks!  Unfortunately, if in case you have your EMR put in regionally (like on a server in your office or on an area pc), it in all probability gained’t work with Chromebooks.

There are some ways to run older items of software and nonetheless entry them via a Chromebook, however they’re type of clunky.

Once more, keep in mind that if any of these three gadgets describe your small business, you continue to may be capable of get value out of utilizing Chromebooks!  You simply may have to maintain one or two traditional computer systems around for specific features.

Why do different IT corporations say Chromebooks aren’t HIPAA compliant?

Search on-line or visit in style social community sites like Reddit and you’ll see lots of uninformed opinions about Chromebooks and HIPAA.

Here’s one remark from a supposed “IT expert” on the topic:

chromebooks hipaa compliant reddit

First, buddy, it’s spelled “HIPAA” and not “HIPPA.”

Moreover, this is 100% false.

Most IT companies provides you with this type of reply.  We expect they’re incorrect.

Why are they supplying you with incorrect answers?

Conventional IT companies generate profits once you buy extra.

The extra computers and servers they will sell you (and the extra software program it takes to make these computers protected and HIPAA-compliant), the better it is for their backside line.

See that desk above?  The one which lists a bunch of issues that you could make a standard pc protected and HIPAA-compliant?  That’s what the normal IT agency needs to promote you as a part of their commonplace package deal.

Learn how to get help making Chromebooks HIPAA compliant

That’s straightforward – we may help.

You must be very careful about how you configure Google’s G Suite and Chromebooks to ensure that they’re HIPAA compliant.  Establishing an organization is just not a simple activity, and we’ve achieved many HIPAA-compliant G Suite and Chromebook implementations.

When you’re fascinated by speaking by way of whether HIPAA-compliant Chromebooks are proper for your small business, name us at 888-646-1616 or schedule a time to speak here.

Related posts
accessibilityBlogbrowserChromeedgeFirefoxInternet ExplorersafariusabilityUXWeb

Group Labels Do Not Guarantee… Uniquity?

AdoreboardanalyticsBlogcustomer centricitycustomer experienceCXdata scienceemotion analysismarginal gains

Are Marginal Gains the Answer to Measuring Customer Experience? – Adoreboard Blog

Blog

Old Forge’s new passion: mountain biking

AdirondacksAPABlogEnvironment

David Gibson On APA Appointments; Role of Statewide Interests –