10 Things You Need To Know about HIPAA Compliance in the Cloud

Healthcare businesses are adopting cloud computing in record numbers due to the available cost-efficiency, scalability, and flexibility. According to a report by Accenture, nearly one-third of healthcare sector decision makers said they are using cloud applications, and 73% said they are planning to move more applications to the cloud. When considering cloud computing for personal health information, healthcare businesses must be aware of the effect of HIPAA compliance in the cloud.

1. Strive to achieve “Safe Harbor”

Safe Harbor is a provision to HIPAA’s Final Breach Notification Rule, which kicks in when a breach occurs, and allows a “covered entity” (pending a breach risk assessment) to determine that Protected Health Information (PHI) was not disclosed. Encryption of PHI data is considered a primary way to achieve Safe Harbor.

In case of an information breach, and assuming the risk assessment finds that PHI was encrypted, the covered entity will not be exposed to onerous reporting requirements; in particular, it will not need to report the breach to every single affected patient, thus saving cost and reputation. Additionally, painful fines are likely to be avoided.

2. Encryption is only part of the solution

Strong data encryption, like AES-256, is critical to HIPAA compliance in the cloud, but it is not all of the cloud security you need. Strong encryption must be coupled with strong encryption key management in order to be effective.

3. Backups and snapshots must be secured

You need to properly secure any storage medium which contains protected health information about patients. This includes backups and snapshots.

4. Business Associate Agreements (BAAs) and liability

If a company you do business with (for example, a payment processor) has a data breach and ePHI is compromised, you could be liable too. Companies must sign a BAA, but are still potentially liable.

5. Monitor data access

According to TechTarget’s SearchHealthIT, you must monitor who has access to your data. “In order to ensure data is protected adequately, cloud providers implement advanced firewalls and intrusion detection systems that can help detect and prevent hackers from accessing their clients’ sensitive data.”

6. Employee training is a necessity

In addition to formal annual training, make sure you provide a constant stream of information and security awareness to train employees about their HIPAA compliance responsibilities. Use diverse methods to garner staff attention: posters, letters, memos, web-based training, meetings, and promotions.

7. Policies and notices may need to be updated

Whenever the HIPAA rules change and/or your systems change, re-evaluate your policies and privacy notices as they will likely need to be updated and redistributed to patients.

8. Mobile devices and apps

All mobile devices and apps that are used by healthcare professionals must comply with HIPAA rules and regulations. Conduct a risk analysis to identify potential threats and vulnerabilities to ePHI, and implement a mitigation plan to address the gaps. Encrypt data on mobile devices before sending information to the app and always use strong user authentication to avoid data theft or inappropriate access.

9. Cloud storage can be made HIPAA compliant

Most cloud storage options are not HIPAA compliant “out of the box.” One reason is that many cloud storage solutions allow encryption but require that the provider have access to the encryption keys. To maintain compliance and achieve Safe Harbor, use a solution like split key encryption that ensures that you maintain ownership and control of encryption keys.

10. HIPAA is not to be feared

Possibly the most important thing to know about HIPAA is that you should not fear it; it exists to protect patients, providers, and business associates and to facilitate appropriate data sharing. None of us wants to suffer a breach, and by following the provisions set forth in HIPAA, we protect ourselves.


Interested in learning more about HIPAA compliance? Read our white paper.


The post 10 Things You Need To Know about HIPAA Compliance in the Cloud appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he created a consumer Cloud at G.ho.st, a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.