Selecting a HIPAA Compliant Cloud - Dash Solutions

Digital health and healthcare organizations must implement proper HIPAA safeguards when handling protected health information (PHI). We walk through some of the requirements and best practices for selecting a HIPAA compliant cloud. Learn about some of the options for HIPAA compliant infrastructure and managing HIPAA compliance.

Dash has helped many organizations manage HIPAA compliance in Amazon Web Services (AWS) and the public cloud. Visit us at www.dashsdk.com


Presentation Transcript


  1. Selecting A HIPAA Compliant Cloud www.dashsdk.com

  2. Do We Need To Comply With HIPAA?
     What are identifiers of protected health information (PHI)?
     If Your Organization…
     • Is considered a covered entity, such as a healthcare provider, health plan, health service or healthcare clearinghouse
     • Is considered a business associate (BA) that interacts with a covered entity, such as a healthcare vendor, digital health, etc.
     • Handles data that contains personally identifiable information (HIPAA identifiers)
     Your organization must follow HIPAA requirements.
     If Your Organization…
     • Does not use protected health information (PHI)
     • Will not interact with data from healthcare providers, services, and other entities
     • Uses de-identified protected health information (PHI)
     Your organization does not need to comply with HIPAA.

  3. Questions To Consider
     1. Who will be appointed as your security officer and/or privacy officer? Your organization must identify which individual(s) will be responsible for configuring your team's security program and maintaining compliance policies and technical controls.
     2. What technologies will your team implement and scale? What backend and frontend services need to be used with your software solution? Does your organization plan to launch your own database servers or use a platform like Amazon Relational Database Service (RDS)?
     3. What 3rd party services will be used with protected health information (PHI)? Your organization must sign a business associates agreement (BAA) with all 3rd party services and SaaS software that interact with protected health information (PHI). This includes email services, cloud storage, and other web services that you decide to use with PHI.

  4. HIPAA Compliance Safeguards
     • Physical Safeguards: Security and access restrictions to servers and equipment handling PHI. These safeguards are generally handled under the cloud provider shared responsibility model.
     • Technical Safeguards: Technical controls and solutions for safeguarding PHI. Required controls include audit logging, backup, disaster recovery, and intrusion detection systems (IDS).
     • Administrative Safeguards: Administrative policies that define staff training, emergency procedures and general operating procedures for handling PHI within your organization.
     Learn who is responsible for HIPAA safeguards in the cloud.

  5. Public Cloud vs Proprietary Platforms/PaaS
     Public Cloud / Proprietary cloud
     • Out of the box solution for addressing HIPAA compliance
     • Over 100+ cloud services, to speed up development. Flexibility Infrastructure and technology.
     • Provides technical controls for addressing HIPAA technical safeguards
     • Cost efficient and instantly scalable.
     • Provides security certifications and physical protection standards such as SOC, PCI DSS, ISO 27001, etc.
     • Expensive as your organization scales up past a single service.
     • Widely used and developer friendly infrastructure.
     • Administrative policies are not available in a transparent manner.
     • Initial configuration is required to configure the public cloud platform in a HIPAA compliant manner.
     • Proprietary development and deployment practices
     Backend-as-a-Service Solutions / Hybrid Infrastructure

  6. Dash Solutions
     Dash provides one solution for configuring and managing HIPAA compliance in the public cloud.
     • Unlock 100+ Amazon Web Services (AWS) for Healthcare
     • Customized administrative policies and security program
     • Automated compliance monitoring of your cloud environment
     Dash Solutions
     www.dashsdk.com
     info@dashsdk.com
