60 likes | 116 Views
Digital health and healthcare organizations must implement proper HIPAA safeguards when handling protected health information (PHI). We walk through some of the requirements and best practices for selecting a HIPAA compliant cloud. Learn about some of the options for HIPAA compliant infrastructure and managing HIPAA compliance.<br><br>Dash has helped many organizations manage HIPAA compliance in Amazon Web Services (AWS) and the public cloud. Visit us at www.dashsdk.com
E N D
Selecting A HIPAA Compliant Cloud www.dashsdk.com
Do We Need To Comply With HIPAA? What are identifiers of protected health information (PHI) ? Learn More If Your Organization… • Is considered a covered entity such as a – healthcare provider, health plan, health service or healthcare clearinghouse • Is considered a business associate (BA) that interacts with a covered entity such as a – healthcare vendor, digital health, etc • Handles data that contains personally identifiable information (HIPAA identifiers) Your organization must follow HIPAA Requirements If Your Organization… • Your organization does not use protected health information (PHI) • Will not interact with data from healthcare providers, services, and other entities • Uses de-identified protected health information (PHI) Your organization does not need to comply with HIPAA
Questions To Consider 1 Who will be appointed as your security officer and/or privacy officer? Your organization must identify which individual(s) will be responsible for configuring your team’s security program and maintaining compliance policies and technical controls. 2 What technologies will your team implement and scale? What backend and frontend services need to be used with your software solution. Does your organization plan launch your own database servers or use a platform like Amazon Relational Database Service (RDS)? 3 What 3rd party services be used with protected health information (PHI)? Your organization must sign a business associates agreement (BAA) with all 3rd party services and SaaS software that interacts with protected health information (PHI). This includes email services, cloud storage, and other web services that you decide to use with PHI.
HIPAA Compliance Safeguards Physical Safeguards Technical Safeguards Administrative Safeguards Security and access restrictions to servers and equipment handling PHI. These safeguards are generally handled under the cloud provider shared responsibility model Technical controls and solutions for safeguarding PHI. Required controls include audit logging, backup, disaster recovery, and intrusion detection systems (IDS). Administrative policies that define staff training, emergency procedures and general operating procedures for handling PHI within your organization. Learn who is responsible for HIPAA safeguards in the cloud. Learn More
Public Cloud vsProprietary Platforms/PaaS Public Cloud Proprietary cloud Out of the box solution for addressing HIPAA compliance Over 100+ cloud services, to speed up development. Flexibility Infrastructure and technology. Provides technical controls for address HIPAA technical safeguards Cost efficient and instantly scalable. Provides security certifications and physical protection standards such as SOC, PCI DSS, ISO 27001, etc. Expensive as your organization scales up past a single service. Widely used and developer friendly infrastructure. Administrative policies are not available in a transparent manner. Initial configuration is required to configure the public cloud platform in a HIPAA compliant manner. Proprietary development and deployment practices Backend-as-a-Service Solutions Hybrid Infrastructure
Dash Solutions Dash provides one solution for configuring and managing HIPAA compliance in the public cloud. Unlock 100+ Amazon Web Services (AWS) for Healthcare Customized administrative policies and security program Automated compliance monitoring of your cloud environment Dash Solutions www.dashsdk.com info@dashsdk.com