{"id":2224,"date":"2011-04-19T04:16:00","date_gmt":"2011-04-19T04:16:00","guid":{"rendered":"https:\/\/www.empowerbpo.com\/blog\/?p=2224"},"modified":"2023-03-20T07:16:57","modified_gmt":"2023-03-20T07:16:57","slug":"is-your-cloud-provider-hipaa-compliant","status":"publish","type":"post","link":"https:\/\/www.empowerelearning.com\/blog\/is-your-cloud-provider-hipaa-compliant\/","title":{"rendered":"Is your cloud provider HIPAA compliant?"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignleft size-full wp-image-2225\" src=\"https:\/\/www.empowerbpo.com\/blog\/wp-content\/uploads\/2018\/04\/hipaa_compliance_seal.gif\" alt=\"Is your cloud provider HIPAA compliant?\" width=\"128\" height=\"128\" \/>If you\u2019re a Covered Entity under\u00a0<a href=\"https:\/\/www.empowerelearning.com\/online-hipaa-training\/\"><b>HIPAA Compliance<\/b><\/a>, you may be torn between moving your data into the cloud or maintaining it the old-fashioned way \u2013 in your own data center. Either way, you must be sure you\u2019re complying with HIPAA requirements.<br \/>\nLogicalis has developed a 10-point checklist addressing privacy and security of healthcare data.<\/p>\n<p><strong>(1) Policies.<\/strong>\u00a0Your cloud provider must have a security program that meets the specific policies and procedures required by HIPAA.<br \/>\n<strong>(2) People.<\/strong>\u00a0Your cloud provider should have a dedicated person on-site whose job is to match the provider\u2019s offerings with HIPAA\u2019s requirements.<br \/>\n<strong>(3) Access Controls.<\/strong>\u00a0It is vital that your cloud provider has access controls in place that include electronic identification and limit physical on-site data access to a restricted list of people.<br \/>\n<strong>(4) Encrypted Data in Transit.<\/strong>\u00a0Unless the provider is processing your data, the cloud provider cannot offer security at the point of input, but it can ensure that the 
transfer of that data to and from the cloud is encrypted and, therefore, secure.<br \/>\n<strong>(5) Encrypted Data at Rest.<\/strong>\u00a0If the cloud provider is storing healthcare data on hard drives, that data must be encrypted and each drive accounted for at\u00a0all times. That includes any backup copies of the data as well.<br \/>\n<strong>(6) Monitoring.<\/strong>\u00a0For a cloud provider to be HIPAA-ready, it must have daily operational procedures that log and monitor the data in the cloud 24\/7, looking for any suspicious activity.<br \/>\n<strong>(7) Breach Notification.<\/strong>\u00a0In case of a security breach, cloud providers must have an incident response process that includes procedures for containing the incident and notifying Covered Entities in accordance with HITECH.<br \/>\n<strong>(8) Disaster Recovery.<\/strong>\u00a0A cloud provider should have a plan to address the recovery or continuation of technology infrastructure critical to a Covered Entity after a natural or human-induced disaster.<br \/>\n<strong>(9) Data Location.<\/strong>\u00a0Know where your data is located; choose a cloud provider that stores your data on a server in the United States. If your data is on servers residing in foreign countries, the data may be subject to search by the foreign governments in those countries.<br \/>\n<strong>(10) Experience and Organization-Wide Awareness.<\/strong>\u00a0Make sure you choose a cloud provider that has a proven track record of successfully managing cloud services for other healthcare clients. 
You want a provider that has a security awareness program for its entire organization in place so everyone there is on board.<\/p>\n<div dir=\"ltr\">\n<p>This article was originally posted at\u00a0<a href=\"https:\/\/www.chiroeco.com\/is-your-cloud-provider-hipaa-compliant\/\" rel=\"nofollow noopener\" target=\"_blank\">Is your cloud provider HIPAA compliant?<\/a><\/p>\n<\/div>\n<div><\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you\u2019re a Covered Entity under\u00a0HIPAA Compliance, you may be torn between moving your data into the cloud or maintaining it the old-fashioned way \u2013 in your own data center. Either way, you must be sure you\u2019re complying with HIPAA requirements. Logicalis has developed a 10-point checklist addressing privacy and security of healthcare data. (1) [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[12,27,28,30,37],"class_list":["post-2224","post","type-post","status-publish","format-standard","hentry","category-hipaa","tag-elearning","tag-hipaa-compliance","tag-hipaa-compliance-training","tag-hipaa-training","tag-security-compliance"],"_links":{"self":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/2224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/comments?post=2224"}],"version-history":[{"count":0,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/2224\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.empowerelearning
.com\/blog\/wp-json\/wp\/v2\/media?parent=2224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/categories?post=2224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/tags?post=2224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}