Citrix Integration

By integrating our biometric devices with Citrix solutions, healthcare organizations’ IT teams can deliver integrated security, defending intellectual property against external attacks, insider threats and data loss while ensuring patient privacy and confidentiality. Healthcare organizations can successfully manage business risk by leveraging Zvetco & Citrix solutions to proactively meet and manage regulatory compliance and achieve a high degree of control from the desktop to the datacenter. By combining Zvetco’s industry leading biometric fingerprint reader with Citrix any healthcare concern can elevate security levels significantly while enjoying tremendous ease of use. With Zvetco, healthcare organizations can:

• Secure desktops, application and data to maintain patient confidentiality
  Zvetco + Citrix solutions ensure the privacy of patient data and ensure that health care workers always have secure access by maintaining the data centrally in the datacenter, safeguarded by strong authentication, smart access controls and data Encryption.
   
• Protect corporate assets and intellectual property to meet compliance requirements
  Zvetco + Citrix apply advanced security to all desktops, data and applications. Organizations benefit from the most advanced logging, reporting, and auditing capabilities on the market, even for legacy applications. Policies can be established so that data is always stored centrally and compliance regulations can easily be met
   
• Deliver a personalized, high definition access experience for faculty no matter where they work
  Zvetco + Citrix provide mobile healthcare workers with secure access to desktops, applications and data wherever they are located, on-demand and with the best user experience. For example, a physician at a patient's bedside can study x-rays and echocardiograms from a mobile device as if he or she were using an office PC.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by Congress to create a national standard for protecting the privacy of patients' personal health information. The law requires healthcare entities to use electronic means to process transactions, which include health information, to use standardized forms and a universal code system for illnesses and treatments. The regulation also requires new safeguards to protect the security and confidentiality of an individual's protected health information (PHI).

The Privacy Rule directly regulates three types of "covered entities":

1. Healthcare providers (including individuals and organizations),
2. Health plans (including insurers and other payors)
3. Health care clearinghouses (entities, such as billing services, that process health information from nonstandard into standard forms or vice versa).

While the Privacy Rule covers only the aforementioned three entities, it expands the reach of its protections by requiring that covered entities obtain written confidentiality assurances from their business associates. Business associates are defined as individuals or entities outside of the organization’s system that receive, create, or have access to individually identifiable health information and;

1. Perform a service on behalf of the organization or its affiliates or;
2. Fit within the list of specific service providers (i.e., outside legal, actuarial, accounting, consulting, management, administrative, accreditation, data aggregation, and financial services).

The written assurance (which may be in a stand-alone agreement or part of a larger contract) must include several provisions: for example, restrictions on how the business associate may use or release identifiable health care information, promises to protect such information and to return or destroy it at the end of the contract, and assurances to make such information available for compliance purposes. If a covered entity knows that its business associate has violated these provisions, the covered entity must take reasonable steps to correct the problem and terminate the contract (in most cases) if such steps fail.

The rule permits compliance reviews by HHS and the filing of complaints by individuals, which HHS may investigate. HIPAA authorizes both civil and criminal penalties, including significant fines and imprisonment.

Helping with your Compliance

The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 have established tough standards for security within the Healthcare industry.

These new standards are aimed at protecting Electronic Health Records (EHR), Personal Health Records (PHR), and Protected Health Information (PHI). Hospitals, clinics and other healthcare providers are now directly responsible for security violations occurring within their or their business associates’ organizations. HIPAA and HITECH include various requirements that are often grouped into two main categories:

• Security Rules
• Privacy Ruless

Security Rules describe how healthcare providers should protect access to sensitive information, such as PHR or PHI. Privacy Rules determine patients’ rights to confidential treatment of their health-related information and specify the duties healthcare providers have to ensure such confidentiality.

The consequences of not complying with HIPAA or HITECH are significant. These may include civil and criminal charges, fines, obligations to notify the public or even the media of the incidents, and more. In some cases, these fines have been substantial. For example, in February of 2011 a $4.3 million penalty was imposed against Cignet Health in Prince George County, Maryland, for violating HIPAA patient access rights. But individuals are also liable as Dr. Richard Kaye of Virginia recently found out. On June 21, 2011 he was indicted on three counts of HIPAA violations. If convicted, under § 1320d-6(b)(2), Dr. Kaye could face a fine of up to $100,000 and up to five years in jail

Because this legislation anticipates a massive expansion in the exchange of electronic protected health information (ePHI), the HITECH Act also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for far more enforcement.

To avoid the potential pitfalls of this more stringent regulatory, Zvetco Biometrics provides the key ingredients that enable any Healthcare institution to reduce costs, increase speed/efficiency and achieve compliance with all current and future regulations. Among these are:

• Biometric identification of employees with a history of insider fraud or other criminal activities – Biometric enrollment for employees is much easier as it can be accomplished as part of the hiring process by Human Resources or performed locally at branches using the same equipment as for customer enrollment. Further, employee identification can be used in conjunction with a fraudster database as part of the financial institution’s background check to ensure that new hires are not previously identified fraudsters.
• Shifting the organization’s reliance away from passwords and tokens – This reduces the high risk associated with passwords and the danger of credential or token sharing (biometrics, unlike passwords or tokens can’t be shared) to enable employees to gain access to resources to which they don’t have the authorizations or entitlements.
• Efficient employee authentication for automatic password and/or account reset, helping to greatly reduce help desk costs.
• Employee verification for a higher degree of authenticity, strengthening the organization’s access control practices, which reduces regulatory liability
• Insider threat deterrent – Biometrics can be used to better track employees to ensure that only the properly authorized individuals are performing their duties during the appropriate times at the appropriate locations. Biometrics also makes one think twice before attempting a fraud.

Zvetco’s tools provide the key authentication ingredient in delivering the required security to meet and exceed HITECH requirements. When mated to one of our waterproof readers, which allow for frequent disinfecting daily they create a simple, germ-free way to lock down desktops, laptops, networks, web applications and the electronic health records of all patients. Most important, Zvetco’s technology enables healthcare organizations to qualify for lucrative federal funds to subsidize their investments in this technology.

The Zvetco Difference

Zvetco differentiates itself from the competition in four key ways.

First, we embrace industry standards. By doing so, we provide the greatest flexibility of products and software solutions in the market. Have a need for remote lockdown of patient records via the web? No problem. Do you require a Single Sign-On with a biometric? Zvetco has you covered with market leading products according to Gartner’s Magic Quadrant™. Wish to add biometric authentication for remote access via Citrix or VPN? Zvetco delivers once more. Is biometric control of your SAP systems a requirement? We can lock down SAP at the application, group, user, transaction; even down to the field level! Want to perform a biometric match on the smart card? Yes, we do that too. Zvetco’s ability to adhere strictly to industry standards delivers the greatest variety of solutions and software tools in the market. Regardless of degree of difficulty and/or complexity of problem, Zvetco has a biometric device and software instrument that will solve it.

Second – High Quality. Zvetco manufactures the widest variety of extremely high quality readers in the marketplace today. It starts with our all-metal outer shell, which is powder coated for permanent protection and continues under the skin to our patent-pending voltage regulators and ESD (Electro-Static Discharge) protections. There is no item too small or insignificant that we do not address even if it means going to the extreme of using low inductance cables internally instead of standard cables that all others utilize. This means that unexpected voltage spikes will dissipate quickly instead of lingering and causing unwanted damage of the sensitive components on the printed circuit board.

Third – Tailored Solutions. Our unmatched breadth of readers and software solutions enable Zvetco to furnish your agency, organization or business with a custom tailored solution that meets your needs exactly. Unlike other vendors that develop their software in-house and have a limited scope, Zvetco is able to deliver compatibility with 30+ software vendors, each a leader in their respective vertical. This unique capability gives Zvetco the ability to provide you with precisely what you need; no more, no less. This means you will not be obligated to buy an overkill, overpriced solution or buy less, which is unsuitable.

Fourth – Compatible with Existing Infrastructure. As stated above, Zvetco enjoys compatibility with the largest number of software applications in the industry. As such, we can bolt on a biometric layer of unbeatable protection to your current infrastructure. Even older legacy applications that don’t offer advanced security protections can be locked down biometrically! This protects your initial investment in software, systems and staff that are trained and comfortable with the present systems.