What Makes The Cloud HIPAA Compliant?

Many public cloud platforms can be configured for use in healthcare applications.
Specific safeguards must me addressed for managing and monitoring HIPAA compliance.

HIPAA compliance is a joint effort between cloud providers and your organization. It is a constant process of review, monitoring, and maintaining.

Public cloud providers such as Google Cloud Platform (GCP) and Amazon Web Services (AWS) typically provide Business Associates Agreement (BAA) that dictates specific cloud services may be configured for HIPAA compliance and layout technical and physical safeguards.

It is the responsibility of the organization to properly configure their cloud environment, create organizational policies, and develop applications that meet HIPAA compliance standards.

The Shared Responsibility Model

Unpacking the requirements for maintaining HIPAA compliance in the public cloud

public cloud platform hipaa responsibilities

Cloud Provider Responsibilities

Cloud platforms are responsible for security and compliance OF the cloud.

  • Physical Access Controls
  • Data Access and Disposal
  • Internal Networking

organization hipaa responsibilities

Your Responsibilities

Your organization is responsible for security and compliance IN the cloud.

  • Staff and Organizational Policies
  • Backup and Disaster Recovery
  • Service Availability and Failover
  • Auditing and Logging
  • Firewall Configuration
  • Data Storage and Encryption Policies