Welcome!

Blog Feed Post

10 Things You Need To Know about HIPAA Compliance in the Cloud

HIPAA Compliance in the cloudHealthcare businesses are adopting cloud computing in record numbers due to the available cost-efficiency, scalability, and flexibility. According to a report by Accenture, nearly one-third of healthcare sector decision makers said they are using cloud applications, and 73% said they are planning to move more applications to the cloud. When considering cloud computing for personal health information, healthcare businesses must be aware about the effect of HIPAA compliance in the cloud.

1. Strive to achieve “Safe Harbor”

Safe Harbor is a provision to HIPAA’s Final Breach Notification Rule, which kicks in when a breach occurs, and allows a “covered entity” (pending a breach risk assessment) to determine that Protected Health Information (PHI) was not disclosed. Encryption of PHI data is considered a primary way to achieve Safe Harbor.

In case of an information breach and assuming the risk assessment will find that PHI was encrypted, the covered entity will not be exposed to onerous reporting requirements; especially, they will not need to report the breach to every single effected patient, thus saving cost and their reputation. Additionally painful fines are likely to be avoided.

2. Encryption is only part of the solution

Strong data encryption, like AES-256, is critical to HIPAA compliance in the cloud, but it is not the end of the necessary cloud security. Strong encryption must be coupled with strong encryption key management in order to be effective.

3. Backups and snapshots must be secured

You need to properly secure any storage medium which contains protected health information about patients. This includes backups and snapshots.

4. Business Associate Agreements (BAAs) and liability

If a company you do business with (for example, a payment processor) has a data breach and ePHI is compromised, you could be liable too. Companies must sign a BAA, but are still potentially liable.

5. Monitor data access

According to TechTarget’s SearchHealthIT, you must monitor who has access to your data. “In order to ensure data is protected adequately, cloud providers implement advanced firewalls and intrusion detection systems that can help detect and prevent hackers from accessing their clients’ sensitive data.”

6. Employee training is a necessity

In addition to formal annual training, make sure you provide a constant stream of information and security awareness to train employees about their HIPAA compliance responsibilities. Use diverse methods to garner staff attention: posters, letters, memos, web based training, meetings, and promotions.

7. Policies and notices may need to be updated

Whenever the HIPAA rules change and/or your systems change, re-evaluate your policies and privacy notices as they will likely need to be updated and redistributed to patients.

8. Mobile devices and apps

All mobile devices and apps that are used by healthcare professionals must comply with HIPAA rules and regulations. Conduct a risk analysis to identify potential threats and vulnerabilities to ePHI, and implement a mitigation plan to address the gaps. Encrypt data on mobile devices before sending information to the app and always use strong user authentication to avoid data theft or inappropriate access.

9. Cloud storage can be made HIPAA compliant

Most cloud storage options are not HIPAA compliant “out of the box.” One of the reasons is because many cloud storage solutions allow encryption, but require that they have access to encryption keys. To maintain compliance and achieve safe harbor, use a solution like split key encryption that ensures that you maintain ownership and control of encryption keys.

10. HIPAA is not to be feared

Possibly the most important thing to know about HIPAA is that you should not fear it; it exists to protect patients, providers, and business associates and to facilitate appropriate data sharing. None of us want to suffer a breach and by following the provisions set forth in HIPAA, we protect ourselves.

 

Interested in learning more about HIPAA compliance? Read our white paper.

 

The post 10 Things You Need To Know about HIPAA Compliance in the Cloud appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Latest Stories
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists discussed...
Cloud-based disaster recovery is critical to any production environment and is a high priority for many enterprise organizations today. Nearly 40% of organizations have had to execute their BCDR plan due to a service disruption in the past two years. Zerto on IBM Cloud offer VMware and Microsoft customers simple, automated recovery of on-premise VMware and Microsoft workloads to IBM Cloud data centers.
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
Many organizations adopt DevOps to reduce cycle times and deliver software faster; some take on DevOps to drive higher quality and better end-user experience; others look to DevOps for a clearer line-of-sight to customers to drive better business impacts. In truth, these three foundations go together. In this power panel at @DevOpsSummit 21st Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, industry experts will discuss how leading organizations build application success from all...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
The last two years has seen discussions about cloud computing evolve from the public / private / hybrid split to the reality that most enterprises will be creating a complex, multi-cloud strategy. Companies are wary of committing all of their resources to a single cloud, and instead are choosing to spread the risk – and the benefits – of cloud computing across multiple providers and internal infrastructures, as they follow their business needs. Will this approach be successful? How large is the ...
Your clients expect transactions to never fail, cloud access to be fast and always on, and their data to be protected - no exceptions. Hear about how Secure Service Container (SSC), an IBM-exclusive open technology, enables secure building and hosting of next-generation applications, both cloud and on-premises. SSC protects the full stack from external and insider threats, allows automatic encryption of data in-flight and at-rest, and is tamper-resistant during installation and runtime – with no...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...