Alpha Nodus, Inc.

Physical Safeguards (see 164.310)

Alpha Nodus has physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.

Facility Access Controls - 164.310(a)(1)


StandardDescription
Contingency Operations (A)Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
Facility Security Plan (A)Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
Access Control and Validation Procedures (A)Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.
Maintenance Records (A)Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks).

Alpha Nodus, Inc. infrastructure supporting its environments is hosted at  AWS (Amazon Web Services) which provides hosting and recovery services for the infrastructure.

Alpha Nodus headquarters also has any written policies and procedures for safeguarding the corporate location, which includes workstations with access to the environment, from unauthorized physical access. CCTV footage and a log entry are used to track access and all visitors are logged and escorted.

The Alpha Nodus environment is entirely hosted and built on hardware components provided by AWS which Alpha Nodus would never have access into.

Workstation Use - 164.310(b)


StandardDescription
Workstation Use (Req)Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.

Alpha Nodus, Inc. has policies in place that define the acceptable uses in place for workstations within the environment. These policies define the acceptable and unauthorized uses of personnel that provided workstations with access to systems potentially interacting with ePHI. These policies are enforced on all workstations. ePHI is strictly prohibited over Internal email.

Workstation Security - 164.310c


StandardDescription
Workstation Security (Req)Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users.

Alpha Nodus has a formal Workstation and Portable Media Security Policy that identifies the specific requirements of each device. The policies define the requirements for using and/or restricted specific actions while engaged with any ePHI. Additionally, workstations are secured appropriately to limit exposure to breaches. Firewalls and hard disk encryption are used on all workstations. Actions and events are monitored and controlled, with user restrictions on downloading or copying any ePHI without documented approval and business justification. Additionally, ePHI must not be stored over the internal file storage (google apps) as part of this policy.

Device and Media Controls - 164.310(d)(1)


StandardDescription
Disposal (Req)Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
Media Re-use (Req)Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
Accountability (A)Maintain a record of the movements of hardware and electronic media and any person responsible therefore.
Data Backup and Storage (A)Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.

Alpha Nodus has policies and procedures for all workstations that interact with and may potentially become exposed to ePHI. These policies have requirements for secure media disposal so that ePHI cannot be recovered from these systems.

Alpha Nodus has Media re-use requirements for the workstations.

Copyright © Alpha Nodus, Inc. All rights reserved.
Confidential