SYS-CON MEDIA Authors: Elizabeth White, Zakia Bouachraoui, Liz McMillan, Janakiram MSV, Carmen Gonzalez

Blog Feed Post

10 Things You Need To Know about HIPAA Compliance in the Cloud

HIPAA Compliance in the cloudHealthcare businesses are adopting cloud computing in record numbers due to the available cost-efficiency, scalability, and flexibility. According to a report by Accenture, nearly one-third of healthcare sector decision makers said they are using cloud applications, and 73% said they are planning to move more applications to the cloud. When considering cloud computing for personal health information, healthcare businesses must be aware about the effect of HIPAA compliance in the cloud.

1. Strive to achieve “Safe Harbor”

Safe Harbor is a provision to HIPAA’s Final Breach Notification Rule, which kicks in when a breach occurs, and allows a “covered entity” (pending a breach risk assessment) to determine that Protected Health Information (PHI) was not disclosed. Encryption of PHI data is considered a primary way to achieve Safe Harbor.

In case of an information breach and assuming the risk assessment will find that PHI was encrypted, the covered entity will not be exposed to onerous reporting requirements; especially, they will not need to report the breach to every single effected patient, thus saving cost and their reputation. Additionally painful fines are likely to be avoided.

2. Encryption is only part of the solution

Strong data encryption, like AES-256, is critical to HIPAA compliance in the cloud, but it is not the end of the necessary cloud security. Strong encryption must be coupled with strong encryption key management in order to be effective.

3. Backups and snapshots must be secured

You need to properly secure any storage medium which contains protected health information about patients. This includes backups and snapshots.

4. Business Associate Agreements (BAAs) and liability

If a company you do business with (for example, a payment processor) has a data breach and ePHI is compromised, you could be liable too. Companies must sign a BAA, but are still potentially liable.

5. Monitor data access

According to TechTarget’s SearchHealthIT, you must monitor who has access to your data. “In order to ensure data is protected adequately, cloud providers implement advanced firewalls and intrusion detection systems that can help detect and prevent hackers from accessing their clients’ sensitive data.”

6. Employee training is a necessity

In addition to formal annual training, make sure you provide a constant stream of information and security awareness to train employees about their HIPAA compliance responsibilities. Use diverse methods to garner staff attention: posters, letters, memos, web based training, meetings, and promotions.

7. Policies and notices may need to be updated

Whenever the HIPAA rules change and/or your systems change, re-evaluate your policies and privacy notices as they will likely need to be updated and redistributed to patients.

8. Mobile devices and apps

All mobile devices and apps that are used by healthcare professionals must comply with HIPAA rules and regulations. Conduct a risk analysis to identify potential threats and vulnerabilities to ePHI, and implement a mitigation plan to address the gaps. Encrypt data on mobile devices before sending information to the app and always use strong user authentication to avoid data theft or inappropriate access.

9. Cloud storage can be made HIPAA compliant

Most cloud storage options are not HIPAA compliant “out of the box.” One of the reasons is because many cloud storage solutions allow encryption, but require that they have access to encryption keys. To maintain compliance and achieve safe harbor, use a solution like split key encryption that ensures that you maintain ownership and control of encryption keys.

10. HIPAA is not to be feared

Possibly the most important thing to know about HIPAA is that you should not fear it; it exists to protect patients, providers, and business associates and to facilitate appropriate data sharing. None of us want to suffer a breach and by following the provisions set forth in HIPAA, we protect ourselves.

 

Interested in learning more about HIPAA compliance? Read our white paper.

 

The post 10 Things You Need To Know about HIPAA Compliance in the Cloud appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Latest Stories
AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps. In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops. Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc.
Platform-as-a-Service (PaaS) is a technology designed to make DevOps easier and allow developers to focus on application development. The PaaS takes care of provisioning, scaling, HA, and other cloud management aspects. Apache Stratos is a PaaS codebase developed in Apache and designed to create a highly productive developer environment while also supporting powerful deployment options. Integration with the Docker platform, CoreOS Linux distribution, and Kubernetes container management system ...
Because Linkerd is a transparent proxy that runs alongside your application, there are no code changes required. It even comes with Prometheus to store the metrics for you and pre-built Grafana dashboards to show exactly what is important for your services - success rate, latency, and throughput. In this session, we'll explain what Linkerd provides for you, demo the installation of Linkerd on Kubernetes and debug a real world problem. We will also dig into what functionality you can build on ...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It's clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Th...
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing mo...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio a...
Containerized software is riding a wave of growth, according to latest RightScale survey. At Sematext we see this growth trend via our Docker monitoring adoption and via Sematext Docker Agent popularity on Docker Hub, where it crossed 1M+ pulls line. This rapid rise of containers now makes Docker the top DevOps tool among those included in RightScale survey. Overall Docker adoption surged to 35 percent, while Kubernetes adoption doubled, going from 7% in 2016 to 14% percent.
Technology has changed tremendously in the last 20 years. From onion architectures to APIs to microservices to cloud and containers, the technology artifacts shipped by teams has changed. And that's not all - roles have changed too. Functional silos have been replaced by cross-functional teams, the skill sets people need to have has been redefined and the tools and approaches for how software is developed and delivered has transformed. When we move from highly defined rigid roles and systems to ...
Even if your IT and support staff are well versed in agility and cloud technologies, it can be an uphill battle to establish a DevOps style culture - one where continuous improvement of both products and service delivery is expected and respected and all departments work together throughout a client or service engagement. As a service-oriented provider of cloud and data center technology, Green House Data sought to create more of a culture of innovation and continuous improvement, from our helpd...
Docker and Kubernetes are key elements of modern cloud native deployment automations. After building your microservices, common practice is to create docker images and create YAML files to automate the deployment with Docker and Kubernetes. Writing these YAMLs, Dockerfile descriptors are really painful and error prone.Ballerina is a new cloud-native programing language which understands the architecture around it - the compiler is environment aware of microservices directly deployable into infra...
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. DevOpsSUMMIT at CloudEXPO expands the DevOps community, enable a wide sharing of knowledge, and educate delegates and technology providers alike.
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cloud environments. The winners in the cloud services industry will be those organizations that understand how to leverage these technologies as complete service solutions for specific customer verticals. In turn, both business and IT actors throughout the enterprise will need to increase their engagement with multi-cloud deployments today while planning a technology strategy that will constitute a ...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
While more companies are now leveraging the cloud to increase their level of data protection and management, there are still many wondering “why?” The answer: the cloud actually brings substantial advancements to the data protection and management table that simply aren’t possible without it. The easiest advantage to envision? Unlimited scalability. If a data protection tool is properly designed, the capacity should automatically expand to meet any customer’s needs. The second advantage: the ...