yachtwithredspinnakeratfullsailonblueoceanwithclouds100682846orig

9 keys to having a HIPAA-compliant cloud

Health care organizations are increasingly open to the idea of using public cloud services, whether it be applications or infrastructure. But to do so requires thorough planning and vigilant execution of IT operations.

+ RELATED STORY: Why this hospital is moving to Amazon’s cloud +

Chris Bowen, founder and chief privacy and security officer for ClearDATA, a company that helps health care organizations use public cloud services, provides nine examples of controls that can be put in place.

  1. Implement audit controls: Use tools such as AWS’ Cloudtrail and S3 buckets as key components of a logging infrastructure.
  2. Review system activity: Leverage audit logs to enable the review of activity within your system.
  3. Identity and Access management controls: Keep track of every user who logs into a cloud environment and what they do; alert administrators if settings are changed. 
  4. Disaster recovery: Ensure there are backups of all data to satisfy contingency plan requirements, including emergency mode operation.
  5. Evaluate your security posture: Conduct vulnerability scans, penetration tests, and code scans on systems processing Personal Health Information (PHI).
  6. Establish a proper Business Associate Agreement: Outline key responsibilities between you and your vendors. These should address responsibilities for keeping data safe, how to provide patients with access to their data, and what to do in the case of a data breach.
  7. Access Controls: Ensure users are unique and logged. Enable auto logoff features, robust authentication features, and stateful security groups.
  8. Encrypt PHI and other sensitive data: Encrypt all data in motion and in rest using a purpose-designed approach.
  9. Ensure transmission security: Effectively enable the proper encryption of data in transit using AES 256 encryption (SSL and TLS) as well as object keys where feasible.
IDG Insider

PREVIOUS ARTICLE

« Five Google Photos tips for finding, organizing, and sharing all your pictures

NEXT ARTICLE

Huawei Matebook vs. Microsoft's Surface Pro 4 in a tablet showdown »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends

Poll

Is your organization fully GDPR compliant?