HIPAA compliance in the public cloud: You don’t have to pilot it alone
To escape the confines of outdated IT infrastructure, more healthcare organizations are migrating data to public clouds like Azure and Amazon Web Services (AWS). Here they find a scalable, flexible environment for unlimited innovation, under a manageable “pay-as-you-go” price plan.
Organizations considering a similar move may be wondering if these benefits also include strong safeguarding of protected health information (PHI). It’s a crucial consideration – by law, healthcare organizations and their business associates who handle PHI must protect it in compliance with the Health Insurance Portability and Accountability Act (HIPAA). And this legislation only addresses the minimum standards for PHI security and privacy. Industry best practices advise additional and even more rigorous measures, and for good reason. Health data is under attack, with over 120 million health records breached in 2015 alone.
So here’s the big question: how do healthcare providers and healthcare IT organizations take advantage of public clouds like AWS and Azure without having to take on the entire responsibility of keeping PHI private and secure? An increasing number are instead offloading this daunting responsibility to cloud vendors who offer a broad set of services for managing PHI in a purpose-built HIPAA-compliant cloud. These services include data migration, data encryption, access control, backup and disaster recovery, firewall management and more.