What Makes The Cloud HIPAA Compliant?
Many public cloud platforms can be configured for use in healthcare applications.
Specific safeguards must be addressed for managing and monitoring HIPAA compliance.
Written policies and procedures, staff training, contingency planning, monitoring and policy review
Encryption, data integrity, authentication, backup and failover, auditing and logging
Physical access controls, employee access, server, storage, and infrastructure setup
HIPAA compliance is a joint effort between cloud providers and your organization.
It is a constant process of reviewing, monitoring, and maintaining.
Public cloud providers such as Google Cloud Platform (GCP) and Amazon Web Services (AWS) typically provide a Business Associate Agreement (BAA) that dictates which specific cloud services may be configured for HIPAA compliance and lays out technical and physical safeguards.
It is the responsibility of the organization to properly configure their cloud environment, create organizational policies, and develop applications that meet HIPAA compliance standards.
The Shared Responsibility Model
Unpacking the requirements for maintaining HIPAA compliance in the public cloud