Is your cloud provider HIPAA compliant? Here is how 3 suppliers stack up

As more businesses turn to the cloud to host their data, understanding HIPAA and ensuring the selected cloud solution is compliant becomes a necessity, according to CSO Online.

While there is no HIPAA cloud service provider certification, following a detailed implementation scheme can foster the security and privacy required by HIPAA. Under the shared responsibility model, the cloud service provider handles the security of the cloud while the client organization is responsible for security in the cloud, according to CSO Online.

In these types of cloud agreements, cloud providers are considered conduits by HHS, which means they often serve as business associates, and any business associate that works with a healthcare organization must meet the same standards. If the organization transfers work to a business associate, the organization remains liable and responsible.

Here is how the top three cloud vendors stack up with regard to HIPAA compliance, listed in alphabetical order.

Amazon. Since HIPAA compliance requires data to be encrypted during uploading and downloading, Amazon Web Services uses 256-bit or stronger Advanced Encryption Standard as a default. AWS WorkDocs is HIPAA eligible, meaning settings can be configured to make it comply.

Google. Google uses 128-bit or stronger AES to protect data. However, HIPAA-covered healthcare organizations cannot use Google's G Suite to store protected health information without a business agreement in place. Once such an agreement is established, it is the responsibility of the organization using the service to ensure that HIPAA is followed.

Microsoft. Microsoft's Azure uses 256-bit or stronger AES. Several versions, including Office 365, Office 365 U.S. Government and Office 365 U.S. Government Defense, are covered by Microsoft's business associate agreement, meaning work can be transferred to the services, but the liability is still on the HIPAA-covered entity. Additionally, Office 365 can be configured to abide by HIPAA if the appropriate settings, access controls and permissions are in place.


Copyright © 2021 Becker's Healthcare. All Rights Reserved.

