Secure Infrastructure and Services
Neurotech has selected Bomgar as the provider of secure access. Bomgar provides a secure access solution with HIPAA regulation and compliance at the forefront of their technology. It works through client firewalls without VPN tunneling, allowing the hospital’s perimeter security to stay intact. All remote access sessions are encrypted and logged, including actual recording of each session for a complete and detailed audit trail.
Neurotech and Bomgar’s IT infrastructure prevent sensitive data from being routed outside the organization. Our secure monitoring solutions reside within the hospital’s own dedicated environment avoiding any of the risks entailed in sharing a single instance with other clients. Compromising security measures are eliminated and allow hospitals to meet the HIPAA requirement to authorize, monitor and control all methods of remote access. In addition, Neurotech helps hospitals meet a variety of other HIPAA standards including “Subpart C – Security Standards for the Protection of Electronic Protected Health Information” with secure access solutions.
Neurotech offers 3 options* for IT access:
- Attended Remote Access – Hospital staff access the secure connection portal and enter a session key to establish remote access. This establishes a small piece of HIPAA compliant encrypted software on the patient’s computer. Once the patient is disconnected, the software is automatically uninstalled without leaving a footprint. This option requires the hospital to log in for each individual patient.
- Bomgar Button Access – Hospital staff access the secure connection portal and install a Bomgar Button on each individual patient computer. This establishes a small piece of HIPAA compliant, encrypted software on the patient’s computer which remains available for all subsequent patients. Hospital staff double click on that button each time a patient is hooked up, without having to re-establish the connection.
- Jump Client Unattended Access – Hospital staff install encrypted, HIPAA compliant Bomgar software which remains accessible to Neurotech at all times. Hospital staff does not need to establish a connection with Neurotech to begin monitoring.
*All options must be initiated at the patient’s bedside computer, while connected with the hospital’s EEG software and EEG unit.
Neurotech’s IT Infrastructure
ARCHITECTURE: All data is SSL encrypted and passed through firewalls without port forwarding
AUTHENTICATION: Integrates with existing identity management and authentication methods
ACCESS CONTROLS: 50+ permissions can be assigned to reps and third party vendors individually or through groups
AUDIT: Full video recording and logging of session events
Network Architecture – Neurotech’s network architecture is built to protect all entry points with dedicated edge gateways and segmented network components.
User Management – Accounts are only issued to those who are eligible for an account and whose identity has been verified.
Testing – Neurotech’s IT staff tests the connection prior to the first patient. Any connection issues related to firewalls or other security will be addressed at this time.
Monitoring – The infrastructure is continuously monitored and vulnerability testing is conducted regularly by security staff. During patient testing, if there are any issues related to the connection, Hospital staff can call Neurotech’s EEG technologist hotline to resolve the issue.
Established procedures – Procedures for all information systems ensure that users’ access rights are adjusted appropriately and in a timely manner to reflect any changes in a user’s circumstances (e.g. when an employee changes their role or leaves the company).
System, Platform and Device Support
Neurotech EEG Provides support for virtually any system and platform
Windows: Windows XP – Windows 10; Server 2003 – 2012 R2; Windows POSReady 7
Mac: Mac OS X 10.6 – 10.12
Linux: Fedora Core 22 – 24; RedHat Enterprise 6 – 7; SLED 11 – 12; SLES 10 – 12; Ubuntu 14.04 – 15.10
Headless or CLI-only Linux Endpoints (Systems without X installed or to systems that have X, but only require access to the CLI)