More

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready

    If you’re a Covered Entity under HIPAA, you may be torn between moving your data into the cloud or continuing to maintain it in your own data center. Either way, you must be sure you’re complying with HIPAA requirements. 

    For highly regulated industries like healthcare with strict compliance requirements, the cloud presents a particular challenge.  “When it comes to the cloud, privacy and security is a big deal for Covered Entities,” says Von Williams, security analyst for Logicalis.  “While it remains the ultimate responsibility of the Covered Entity to comply with HIPAA, there are policies and procedures that a cloud provider can have in place to lift the burden of securing at-rest and in-transit data from the shoulders of the Covered Entity.”  The key, Williams says, is in knowing what to look for.

    To help IT pros assess a potential cloud provider’s HIPAA readiness, Logicalis has developed a 10-point checklist addressing privacy and security of healthcare data.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 1

    Click through for a 10-point checklist to assess whether a potential cloud provider is HIPAA-ready, as identified by Logicalis.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 2

    Your cloud provider must have a security program that meets the specific policies and procedures required by HIPAA.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 3

    Your cloud provider should have a dedicated person on-site at the cloud provider whose job is to be responsible for matching the provider’s offerings with HIPAA’s requirements.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 4

    It is vital that your cloud provider has access controls in place that include electronic identification and limit physical on-site data access to a restricted list of people.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 5

    Unless the provider is processing your data, the cloud provider cannot offer security at the point of input, but it can ensure that the transfer of that data to and from the cloud is encrypted and, therefore, secure.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 6

    If the cloud provider is storing healthcare data on hard drives, that data must be encrypted and each drive accounted for at all times. That includes any backup copies of the data as well.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 7

    For cloud providers to be HIPAA-ready, daily operational procedures that log and monitor the data in the cloud 24/7 looking for any suspicious activities are a must.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 8

    In case of a security breach, cloud providers must have an incident response process that includes procedures for containing the incident and notification of Covered Entities in accordance with HITECH.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 9

    A cloud provider should have a plan to address the recovery or continuation of technology infrastructure critical to a Covered Entity after a natural or human-induced disaster.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 10

    Know where your data is located; choose a cloud provider that stores your data on a server in the United States. If your data is on servers residing in foreign countries, the data may be subject to search by the foreign governments in those countries.

    Ten-point Checklist to Find out if Your Cloud Provider Is HIPAA-ready - slide 11

    Make sure you choose a cloud provider that has a proven track record of successfully managing cloud services for other healthcare clients. You want a provider that has a security awareness program for its entire organization in place so everyone there is on board.

    Latest Articles