HIPAA Compliance and the Cloud
To ensure privacy and safeguard individuals’ medical data, HIPAA was passed in the year 1996. HIPAA applies to any covered entity that:
Protected health information electronically and their business associates who encounter such health information in any way throughout the work that has been contracted.
HIPAA mandates such entities to comply with a set of standards that outline the lawful use and disclosure of protected health information.
Healthcare organizations and their business associates are migrating to cloud at a rapid pace on account of the:
cost-efficiency that cloud has to offer
However, they are worried about “how to make the most of the cloud while being HIPAA compliant and secure?”
While the HHS’s guidance on HIPAA and cloud computing states that:
the cloud service providers (CSP) should sign a business associate agreement and;
that CSPs are directly liable for compliance with applicable requirements of HIPAA rules
Enterprises often overlook the security responsibility in the shared responsibility model that cloud service providers operate under.
A CSP can only put in place safeguards to enable cloud usage in a manner that is HIPAA compliant; but the covered entity is responsible for ensuring and ensuring there is no misuse
No data should be shared through the cloud unless it is protected by end-to-end encryption. The covered entity should ensure that the CSP uses the highest level of encryption. However, encryption alone does not give the necessary protection or satisfy all security rule requirements. The covered entity should be able to define all the security rules in the cloud and implement the best security practices to ensure their protection in the cloud.
At SecurEnds, we believe that covered entities under HIPAA must conduct an ongoing assessment to know who has access to what resources and whether that access is appropriate. SecurEnds products, once configured as a single unit or as a bolt-on to an existing Identity Access Management (IAM) solution, will create a powerful governance and provisioning/de-provisioning tool across clinical, financial and back-office applications. The will allow recurring automated access review campaigns that validate users within systems and ensure their access rights are appropriate, while the ILM module will drive the management of dormant and orphan accounts. The IRA module applies AI and ML to detect anomalies and user group outliers for faster remediation.
Target State: Georgia
Target City : Atlanta
Last Update : Jan 10, 2021 7:51 AM
Item Owner : SecurEnds
Contact Phone: 678.374.4243