Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Essential Steps to HIPAA-Compliant Cloud Hosting
HIPAA is a United States National standardized act that prevents the misuse of a patient’s health information. Every single health−related enterprise in the US must abide by these regulations. Being HIPAA compliant in the context of the cloud requires complying to following a set of rules and ensuring no data leakage occurs. These rules summarized are −
Encrypting non−dynamic data.
Having a trail of audits.
Making sure no data is lost
Ensuring high (ideally 100%) Availability
Robust, layered security controls and Identity Management
Multifactor authentication for access controlling
Use of Encrypted VPNs
A Business Associate Agreement (BAA) is mandatory
Additionally, SSL certificates and SSAE 18 certificates are recommended.
Steps for becoming HIPAA-Compliant
Although one can never say for certain whether a website is HIPAA compliant or not because there is no official HIPAA certification, there are still some important actions to follow in pursuing HIPAA Compliance.
Step 1 − Have a Robust Firewall and Security Management System.
HIPAA Compliance requires system−wide firewalls, as well as an Identity Management system and Multifactor authentication for access. For this purpose, it may be a better idea to use a HIPAA−compliant Infrastructure as a Service to handle the security.
Step 2 − Avoid the Usage of Public or Hybrid Clouds
Using public clouds often leads to many security vulnerabilities. To avoid those, it is better to get a dedicated server.
Step 3 − Secured communications through VPNs
The entire process of sending and receiving data should be secured through an encrypted VPN tunnel.
Step 4 − Auditing of every action performed
Every action performed on the data must be securely audited, documented, and stored in a ledger
Step 5 − Ensuring 100% availability
Another check of the HIPAA guidelines is that there should be a 100% uptime of the server so that patients and hospitals can have 24x7 access to the data, with no interruption whatsoever. For this, it is always recommended to have one or more servers serving as an extra, just so that if one server fails, there is still no downtime.
Step 6 − Agreements and Certifications
HIPAA requires that the Business Associates, i.e., the developers, sign an agreement with the entities, i.e., the HealthCare Business using their services. This agreement is known as the BAA and must have responsibilities for the BA to ensure complete protection of the data, the BA shall not use any of the data stored, and the BAA follows all the required HIPAA regulations.
SSL Certificate − Secure Sockets Layer (SSL) is a digital certificate that authenticates a website’s identity.
SSAE Certificate − The Statement on Standards for Attestation Engagements 18 Certificate is a service standard for auditing organizations
Step 7 − Backing up data
HIPAA also requires that the non−dynamic data must be secured and stored at an offsite location that is also HIPAA Compliant.
Step 8 − Disposal of Data
Data that is no longer of use should be deleted so there is no chance of recovering it.
Step 9 − Periodic assessments
All of the above steps must be periodically assessed, and the assessment process must be well documented.
Conclusion
HIPAA Compliance can initially seem quite troublesome, but it is just about having secure data and maintaining the patient's privacy. These security features are pretty industry standard for any application, not just healthcare applications. These can also be automated, but as an extra measure, it is recommended for a human to supervise these factors.
213 Views
