Hipaa Compliance And The Cloud

By Author: SecurEnds
Total Articles: 18
Comment this article

To ensure privacy and safeguard an individuals’ medical data the Health Insurance Portability and Accountability Act(HIPAA) was passed in the year 1996. HIPAA applies to any covered entity that:

collects

creates

or transmits

Protected health information electronically and their business associates who encounter such health information in any way throughout the work that has been contracted.

HIPAA mandates such entities to comply with a set of standards that outline the lawful use and disclosure of protected health information.

Healthcare organizations and their business associates are migrating to cloud at a rapid pace on account of the:

scalability

flexibility

cost-efficiency that cloud has to offer

However, they are worried about “how to make the most of the cloud while being HIPAA compliant and secure?”

While the HHS’s guidance on HIPAA and cloud computing states that:

the cloud service providers (CSP) should sign a business associate agreement and;

that CSP’s are directly liable for compliance ...
... with applicable requirements of HIPAA rules

The enterprises often overlook the security responsibility in the shared responsibility model that cloud service providers operate.

A CSP can only put in place safeguards to enable cloud usage in a manner that is HIPAA compliant; but the covered entity is responsible for ensuring and ensuring HIPAA Compliance there is no misuse

or misconfiguration.

No data should be shared through the cloud unless protected by an end-to-end encryption. The covered entity should ensure that the CSP uses the highest level of encryption. However, encryption alone does not give the necessary protection and satisfy all security rule requirements. The covered entity should be able to define all the security rules in the cloud and implement the best security practices to ensure their protection in the cloud.

At SecurEnds, we believe that coveted entities under HIPAA must conduct an ongoing assessment to know who has access to what resources and whether that access is appropriate. SecurEnds products once configured as a single unit or as a bolt-on to existing Identity Access Management (IAM) solution will create powerful governance and provisioning/ de-provisioning tool across clinical, financial and back-office applications. The CEM module will allow recurring automated access review campaigns that validate users within systems and ensure their access rights are appropriate while the ILM module will drive the management of dormant and orphan accounts. IRA module applies AI and ML to detect anomalies and user group outliers for faster remediation.

Get to know more about Challenges of fulfill HIPAA Compliance