These include (but are not limited to) Role-Based Access Controls, Active Directory integration, password audits (*), and advanced reporting capabilities that satisfy the requirements for activity reporting.
#Roboform family plan price series#
With regards to administering users and complying with the Security Rule safeguards, the RoboForm business plan includes a series of features that simplify corporate password management. It also supports the use of unique complex passwords for each account to mitigate the risk of a data breach attributable to a brute force attack. This has advantages for businesses inasmuch as passwords for corporate accounts can be shared securely among teams across all devices without businesses having to consider who is using which browser or what type of device. This means that rather than browser-based password managers (i.e., Chrome) that only save passwords in one browser brand, or operating system-based password managers (i.e., Apple Keychain) that only save passwords in one OS type, users can access passwords from any Internet-connected device regardless of the browser or operating system. RoboForm is a vault-based password manager. However, if the business did not use the platform for storing or sharing PHI, RoboForm can be a cost-effective way to enhance the security of online accounts. Therefore, if a business was to deploy a RoboForm password manager in a health care environment, they would not be able to store PHI on the platform or use it to share health information – even via the secure messaging feature. RoboForm falls into the “decline to say” category, so it is safe to assume they won´t. However, most vendors of vault-based password managers will not, or decline to say, whether they will enter into a Business Associate Agreement – a requirement of HIPAA even when the vendor cannot view any PHI because it is encrypted and the vendor does not have the decryption key.
Most vault-based password managers include these capabilities in their business subscription plans – including RoboForm. These include access controls, user verification, activity reporting, and automatic logoff. The HIPAA Security Rule includes a number of safeguards that apply to password managers if they are going to be used to store or share Protected Health Information (PHI). Consequently, some features mentioned in this review may not be relevant for other, non-regulated businesses. This RoboForm review has been compiled from the perspective of a HIPAA Covered Entity or Business Associate required to comply with the safeguards of the Security Rule.
0 kommentar(er)
