Is OpenDNS Umbrella HIPAA Compliant?
So the question your asking Is OpenDNS Umbrella HIPAA Compliant? Surely OpenDNS Umbrella and its software client is questionable, right? Is this a breach of HIPAA Compliance?
Lets Review The Basics…
Lets go back to the basics, OpenDNS is a company and service that extends the Domain Name System by adding features such as Logging, phishing protection, malware protection and content filtering in addition to DNS lookup, if its DNS servers are used. So knowing this it already seems to be better than Comcast DNS of 75.75.75.75 or Googles DNS of 8.8.8.8. Open DNS Umbrella actually provides something of value.
Let’s look at exactly how a DNS request works.
- A DNS request starts when you try to access a computer on the internet. For example, you type PatrickDomingues.com in your browser address bar.
- The first stop for the DNS request is the local DNS cache. As you access different computers, those IP addresses get stored in a local repository. If you visited PatrickDomingues.com before, you have the IP address in your cache.
- If you don’t have the IP address in your local DNS cache, DNS will check with a recursive DNS server. Your Internal Domain Controller or Internet Service Provider (ISP) like Comcast’s DNS usually provides a recursive DNS server for this purpose.
- The recursive DNS server has its own cache, and if it has the IP address, it will return it to you. If not, it will go ask another DNS server.
- The next stop is the TLD name servers, in this case, the TLD name server for the .com addresses. These servers don’t have the IP address we need, but it can send the DNS request in the right direction.
- What the TLD name servers do have is the location of the authoritative name server for the requested site. The authoritative name server responds with the IP address for PatrickDomingues.com and the recursive DNS server stores it in the local DNS cache and returns the address to your computer.
- Your local DNS service gets the IP address and connects to PatrickDomingues.com to download all the glorious content. DNS then records the IP address in local cache with a time-to-live (TTL) value. The TTL is the amount of time the local DNS record is valid, and after that time, DNS will go through the process again when you request PatrickDomingues.com the next time.
So now we know how DNS works and we want to put this into practice, well we can change our internal DNS to always point to a protected DNS source like OpenDNS Umbrella. We can have our internal DNS servers set its forward lookups to OpenDNS addresses to make sure that everyone internally is being resolved by OpenDNS. For end user laptops we can also install the OpenDNS Umbrella client so they stay protected as well.
To the Point, Is OpenDNS Umbrella HIPAA Compliant?
HIPAA mandates that we have certen security practices in place like Content Filterting, Malware Protection and Logging which is a critical security feature that is required by HIPAA security rule. The Auditing and Reporting Feature enables system administrators to quickly identify potential incidents and events by users.
In Conclusion!
The answer is YES , well more so the answer being that OpenDNS Umbrella can actually assists you in Achieving HIPAA compliance with a simple to deploy cost effect solution.
View The University of Kansas Hospital Customer Story