Healthcare Information Security

How to Stay HIPAA Compliant When Using Your Healthcare Cloud

By Bill Kleyman

The proliferation of healthcare cloud computing has allowed so many organizations to extend their environments, utilize more flexible resources, and empower their users. New types of cloud models have allowed the seamless transition of vast data points throughout the globe. But here is where we met one of our greatest cloud roadblocks: compliance, regulations, and security.

For some enterprise shops, moving to the cloud was a no-brainer. But what were massive healthcare shops supposed to do?

Cloud 1.0 was considered by many as an uncontrolled front expanding very rapidly. There weren’t many policies in place, there were way too many technologies trying to make an impact – and any organization bound by compliance was very hesitant to even approach a cloud platform. How times have changed.

Compliance in the cloud for healthcare organizations is now a direct possibility. Let’s look at a few examples:

Cloud Data Collaboration for Healthcare: File and data collaboration – also known as the “Dropbox challenge” – has really crept up on the healthcare industry. In fact, HIPAA compliance in general can be a cloud nightmare. A recent change to HIPAA (the Omnibus Rule) now provides for the business associate (BA): any organization with more than the merely transient access to data that a courier such as FedEx, UPS or USPS has. One vendor took the time to sign a business associate agreement (BAA), which means accepting additional liability for managing protected health information (PHI). That vendor is Citrix, whose ShareFile Cloud for Healthcare solution allows healthcare organizations to collaborate on their data both on-premises and in the cloud.

Public Cloud for Healthcare: If you’re a healthcare organization – and you’re looking for cloud options – there’s good news for you. Amazon AWS now offers HIPAA-compliant services for healthcare organizations hosting data within its cloud environment. AWS enables covered entities, and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA), to leverage the secure AWS environment to process, maintain, and store protected health information, and AWS will sign business associate agreements with such customers. For example, as Amazon’s recent HIPAA white paper explains:

HIPAA’s Security Rule includes addressable implementation specifications regarding the encryption of PHI in transmission (“in-flight”) and in storage (“at-rest”). The same data encryption mechanisms used in a traditional computing environment, such as a local server or a managed hosting server, also can be used in a virtual computing environment, such as Amazon EC2 and Amazon S3. Amazon EC2 provides the customer with full root access and administrative control over virtual servers. To protect data security during electronic transmission, files containing PHI should be encrypted using technologies such as 256-bit AES algorithms. Furthermore, to reduce the risk of exposing PHI and to reduce bandwidth usage, any data, including PHI, not required by applications running in the cloud should be removed prior to transmission.
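The two controls the white paper names – encrypt PHI in flight and at rest with 256-bit AES, and strip any data the cloud application does not need before it is transmitted – fit naturally into one outbound path. The following is an added example written for this article, not code from Amazon's white paper or from any AWS SDK: it minimizes a record to an allow-list of required fields, then seals the JSON form with AES-256-GCM so that tampering with the stored or transmitted bytes is detected on decryption. The field names, the sample record and the in-process key generation are assumptions made for the example; in a real deployment the key would be issued and protected by a key management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// PHIRecord is a flat record of patient fields. The field names used in
// main() and in the comments are constructed for this example.
type PHIRecord map[string]string

// Minimize keeps only the fields on the allow-list; everything else is
// dropped before the record leaves the covered entity's environment.
func Minimize(rec PHIRecord, required []string) PHIRecord {
	out := PHIRecord{}
	for _, k := range required {
		if v, ok := rec[k]; ok {
			out[k] = v
		}
	}
	return out
}

// NewKey returns a random 256-bit key. Assumption for this example only: a
// real deployment obtains the key from a key management service instead.
func NewKey() ([]byte, error) {
	key := make([]byte, 32) // 32 bytes = AES-256
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// gcmFor builds an AES-256-GCM instance, rejecting keys of any other size.
func gcmFor(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM and prepends the random 12-byte
// nonce; the GCM tag lets Open detect any modification of the bytes.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open splits off the nonce and decrypts; it returns an error (and no
// plaintext) if the authentication tag does not verify.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// PrepareForCloud is the outbound path: minimize first, then encrypt the JSON
// form of what remains, so neither the wire nor the bucket sees unneeded fields.
func PrepareForCloud(key []byte, rec PHIRecord, required []string) ([]byte, error) {
	plain, err := json.Marshal(Minimize(rec, required))
	if err != nil {
		return nil, err
	}
	return Seal(key, plain)
}

func main() {
	// Constructed sample record; values are placeholders, not real PHI.
	rec := PHIRecord{"patient_id": "P-0001", "diagnosis": "J45.20", "ssn": "000-00-0000", "notes": "clinician free text"}
	key, _ := NewKey()
	sealed, _ := PrepareForCloud(key, rec, []string{"patient_id", "diagnosis"})
	plain, err := Open(key, sealed)
	fmt.Printf("sent %d encrypted bytes; decrypted %s (err=%v)\n", len(sealed), plain, err)
}
```

Minimization runs before encryption on purpose: an encrypted copy of a field the application never needed is still PHI you are liable for, it still consumes bandwidth, and it is still exposed if the key is ever mishandled. GCM was chosen over a bare block mode because the white paper's goal is protecting the data, and confidentiality without integrity leaves silently corrupted or substituted records undetected.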

Private Cloud for Healthcare: New technologies are allowing your healthcare organization to create powerful private healthcare cloud models that remain HIPAA compliant. Software-defined solutions allow for network, storage, and even data abstraction to create true multi-tenancy within your own data center. This means that compliance-bound information can be segmented from any other node on a network. Furthermore, data abstraction allows you to completely control the flow of data regardless of the backend physical architecture. Private cloud solutions revolve around powerful technologies like Citrix and VMware and their ability to deploy rich applications.

Cloud computing has really come a long way. New government regulations and advanced security have allowed more organizations to deploy solutions within a cloud infrastructure. Remember, modern cloud offerings now span much more than just HIPAA. Cloud providers are now becoming compliant with SOX, PCI DSS, ISO, FedRAMP, FIPS, DoD, CSA, MPAA, and more. Take the time to explore various healthcare cloud options to help optimize your infrastructure and improve data delivery, and do so while still being compliant.
