- Introduction
- HIPAA rule for File Access
- The Service or Daemon user
- Access to the Iguana log files
- Iguana user access
- Administrative user access
Introduction
This article goes into more detail on the file access requirements outlined in Iguana HIPAA Best Practices. You should probably start with Iguana HIPAA Best Practices, then come back to this article later for more detail.
This article discusses how to secure Iguana by only granting the minimum file access necessary. We address the minimum file access for users to do their work, and the minimum access for Iguana to run.
Tip: It is recommended best practice to apply file access security to all Iguana Production Servers.
These principles apply for all servers, not just those requiring HIPAA compliance.
HIPAA rule for File Access
For reference we have copied Part 1: Access to Data files from the access requirements in Iguana HIPAA Best Practices:
1. Access to Data files: See 164.308(a)(4)(i)
This is the only one of the requirements that is not included in the Technical Safeguards matrix for the HIPAA Security Rule.
164.308(a)(4)(i) Standard: Information access management. Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part.
164.308(e) Maintenance. Security measures implemented to comply with standards and implementation specifications adopted under § 164.105 and this subpart must be reviewed and modified as needed to continue provision of reasonable and appropriate protection of electronic protected health information as described at § 164.316.
Note: This quote from page 4 of the educational paper Technical Safeguards (PDF) is also relevant, although it appears to be advisory guidance rather than part of the HIPAA regulations themselves:
“Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4) [Information Access Management].”
Required: Restrict File Permissions
- (External) All disk files used by Iguana should have the minimum access granted that allows your users to do their work. Permissions are granted at the operating system level, so you will need to address this with your system administration staff. This applies to all disk files used by Iguana that contain patient data. Specifically:
- The Iguana Windows Service user (or Daemon user in Linux etc.) will need full access to all files used by Iguana
- Access to the Iguana log files should be restricted to the Iguana Windows Service user (or Daemon user in Linux etc.)
- The system user that runs your backup software will need read access to the log files
- Iguana users should only be granted read access to files needed to do their jobs
- An administrative user with full access should be available for “emergency” use only by the Iguana system administrator
Note: We strongly recommend not giving full access to a personal user logon to prevent accidental file changes or deletions.
The Service or Daemon user
- The Iguana Windows Service user (or Daemon user in Linux etc.) needs full access to all files used by Iguana
Note: Be sure to include permissions for files on shared drives. When rolling out new channels you may need to add permissions to access new data files, particularly if they are located on shared drives.
Note: This should be part of your normal development, test, rollout process
Access to the Iguana log files
- Access to the Iguana log files should be restricted to the Iguana Windows Service user (or Daemon user in Linux etc.)
- The system user that runs your backup software will need read access to the log files
- If for any reason users need to inspect logs directly you can safely grant read access (though it is not recommended)
Note: Viewing the logs through the Iguana Logs interface will suffice in all but exceptional cases. An Administrative User (see below) can be used to modify or delete log files in an emergency.
Note: This should only be done if you are advised to do so by our support staff
Warning: Iguana log files never need to be modified manually, unless you are advised to do so by our support staff.
Because of this, Iguana users should never be granted write/update access to the log files.
Iguana user access
- Messages can be read, modified and reprocessed through the Iguana logs, so in most cases production users will not need direct access to files
- If users need to access files directly to do their jobs you can safely grant read access
- An Administrative User (see below) can be used to create, modify or delete files in an emergency
Note: This should only be needed for data that is not in the Iguana queue (i.e., before or after it has been processed by Iguana). Occasionally a user may need write/update permissions to fix a data problem; this should be done using the Administrative user (see previous point).
Note: We strongly recommend not giving update access to a personal user logon to prevent accidental file changes or deletions.
Administrative user access
- An administrative user with full access should be available for “emergency” use only by the designated Iguana system administrator — the administrative user must not be a personal user login
Note: We strongly recommend not giving full access to a personal user logon to prevent accidental file changes or deletions
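The following script is an added example (not from the Iguana documentation) that applies the permission model described above on a Linux Daemon install and then audits it: data files readable by Iguana users but writable only by the service user, log files readable only by the service user and the backup account, and nothing world-accessible. The install root, the directory names data/ and logs/, and the user and group names are assumptions, not Iguana defaults.

```shell
#!/bin/sh
# Added example: apply and audit least-privilege file modes for an Iguana daemon.
# Assumed (constructed) names: the daemon runs as $SERVICE_USER, backup software
# runs under group $BACKUP_GROUP, ordinary Iguana users belong to $USERS_GROUP,
# and $1 is an install root containing data/ (message files) and logs/.
SERVICE_USER="${SERVICE_USER:-iguana}"
BACKUP_GROUP="${BACKUP_GROUP:-backup}"
USERS_GROUP="${USERS_GROUP:-iguanausers}"

apply_iguana_perms() {
    root="$1"
    # Ownership changes need root; when unprivileged (or the accounts do not
    # exist) only the modes below are applied, which is enough to demonstrate.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$SERVICE_USER:$USERS_GROUP" "$root/data" 2>/dev/null \
            || echo "chown skipped: $SERVICE_USER/$USERS_GROUP not found" >&2
        chown -R "$SERVICE_USER:$BACKUP_GROUP" "$root/logs" 2>/dev/null \
            || echo "chown skipped: $SERVICE_USER/$BACKUP_GROUP not found" >&2
    fi
    # Data files: service user full access, users group read-only, others nothing.
    find "$root/data" -type d -exec chmod 750 {} +
    find "$root/data" -type f -exec chmod 640 {} +
    # Log files: service user full access, backup group read-only, no user access.
    find "$root/logs" -type d -exec chmod 750 {} +
    find "$root/logs" -type f -exec chmod 640 {} +
}

# Returns 0 when nothing under data/ or logs/ is readable, writable or
# executable by "other" and nothing is group-writable; otherwise prints each
# offending path and returns 1 (suitable for a periodic compliance check).
audit_iguana_perms() {
    root="$1"
    violations=$(find "$root/data" "$root/logs" \
        \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \) -print)
    if [ -n "$violations" ]; then
        printf '%s\n' "$violations" | sed 's/^/VIOLATION: /'
        return 1
    fi
    return 0
}
```

Run the audit from a scheduled job so that permissions added during a channel rollout to shared drives are caught if they are wider than this model allows.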