The HIPAA Security Rule: Cloudy Skies Ahead?

Save this PDF as:

Size: px
Start display at page:

Download "The HIPAA Security Rule: Cloudy Skies Ahead?"

Transcription

1 The HIPAA Security Rule: Cloudy Skies Ahead? Presented and Prepared by John Kivus and Emily Moseley Wood Jackson PLLC

2 HIPAA and the Cloud In the past several years, the cloud has become an increasingly popular way for both individuals and companies to store and manage their data and IT needs. Dozens of cloud computer providers now populate the landscape, including Amazon, Box (formerly Box.net), Citrix, Dropbox, Google, Microsoft, and SpiderOak. Many individuals and companies, however, may have entered the cloud without fully understanding what precisely it is or, more accurately, the many things it may be. Recent modifications to the HIPAA Security Rule resulting from the Health Information Technology for Economic and Clinical Health Act ( HITECH ) mean that any entity relying on the cloud to host electronic protected health information ( ephi ), can no longer simply have its head in the clouds regarding whether their cloud computing arrangements meet the requirements of the HIPAA Security Rule. The Cloud The National Institute of Standards and Technology (NIST) broadly defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. To be considered part of the cloud, the NIST requires the following essential characteristics: On-demand self-service: a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider; 1

3 Broad network access: capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms; Resource pooling: the provider s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction; Rapid elasticity: capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time; and Measure service: cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service. Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. Cloud providers can provide those essential characteristics through different types of offerings, including: Software as a Service (SaaS): the capability provided to the consumer is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web 2

4 browser, or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited userspecific application configuration settings; Platform as a Service (PaaS): the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment; and Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components. Cloud providers deploy these offerings several different ways, including the following: Public Cloud: the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the 3

5 cloud provider; Private Cloud: the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises; Community Cloud: the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises; Hybrid Cloud: the cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability. The HIPAA Security Rule Before examining the interplay of the HIPAA Security Rule and the cloud, it is helpful to take a step back and take a brief look at the HIPAA Security Rule, found at 45 CFR 164, and who must comply with it. Perhaps obviously, covered entities must comply with the HIPAA Security Rule. While business associates have long had to comply with the HIPAA Rules by virtue of their contractual obligations with covered entities, they are now obligated to do so as well by recent modifications to the HIPAA regulations. As explained below, this now means that cloud providers maintaining data on behalf of 4

6 covered entities (or a business associate) generally will be considered business associates and subject to the Security Rule. Health plans, clearing houses, and healthcare providers that transmit any health information in electronic form in connection with a transaction covered by HIPAA are deemed to be covered entities. Health plans provide or pay for the cost of medical care and include insurers, HMOs, Medicare, Medicaid, employee welfare benefit plans, and issuers of long-term care policies. Healthcare clearing houses either (a) process health information received from one entity in a nonstandard format (or containing nonstandard data) into standard elements transaction or (b) receive a standard transaction from another entity and then process the health information into nonstandard format or data from the receiving company. As a result, they include everything from billing services to community health information systems. Healthcare providers, as the term suggests, furnish, bill, or are paid for healthcare in the normal course of business. While this definition may seem clear, it broadly extends to preventative, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, as well as counseling, service, assessment, or procedures with respect to the physical or mental condition of an individual. Healthcare also includes the sale or dispensing of a drug, device, equipment, or other item pursuant to a prescription. Accordingly, doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are all deemed healthcare providers but are subject to the HIPAA Security Rule only if they transmit any information in electronic form. 5

7 Business associates are those who create, receive, maintain, or transmit protected health information on behalf of a covered entity. Recent modifications to the HIPAA regulations expanded the definition of a business associate and made many of the provisions of the HIPAA Rules apply directly to business associates in the same manner as covered entities. Despite extending much of the Security Rule directly to business associates, covered entities must continue to have agreements in place with their business associates, providing satisfactory assurances that the business associate will safeguard any electronic protected health information and comply with the applicable parts of the Security Rule. Business associates must have similar contracts or arrangements in place with their own subcontractors that create, receive maintain, or transmit electronic protected health information and that are therefore business associates themselves. A wide range of activities that are closely integrated with the day-to-day operations of covered entities can render a company a business associate, such as claim processing, data analysis, utilization review, quality assurance, patient safety activities, billing, benefit management, practice management, and repricing. The regulatory definition of business associate, however, extends much further, to include those who provide legal, accounting, consulting, management, administrative, accreditation, or financial services to a covered entity. Health information organizations, e-prescribing gateways, organizations that facilitate data transmission, and vendors of personal health records (on behalf of covered entities) are deemed business associates under the modified HIPAA regulations. 6

8 As the Department of Health and Human Services explained when promulgating the modified HIPAA Rules, it will continue to recognize a narrow conduit exception for courier services, like the United States Postal Service, which transport information, but do not have access to it except on a very infrequent basis. The conduit exception, while narrow, extends to the electronic equivalent of the U.S. Postal Service, such as internet service providers, that provide only data transmission services. To fall within the exception, however, the data transmission service must only transmit the data and not have access to it, except on a random or infrequent basis. Temporary storage of transmitted data incident to the transmission will not remove a data transmission service from the conduit exception. A company that maintains electronic protected health information on behalf of a covered entity (or as a subcontractor of a business associate), however, cannot avail its of the conduit exception, even if it does not actually view the information. Electronic document and data storage companies maintaining electronic protected health information on behalf of covered entities will be considered business associates. As a result, cloud providers are considered business associates if they store or maintain electronic protected health information. This means that all levels of a given cloud technology stack (e.g., the provider that houses the data, the provider that houses the application that utilizes the ephi information, etc) could be, and likely are, considered business associates under the Security Rule. Consequently, it is increasingly important to understand not just who cloud providers are, but where and how the providers store and transmit the information. 7

9 Covered entities and business associates must comply with HIPAA s security standards for electronic protected health information. Both covered entities and business associates, must: (1) ensure the confidentiality, integrity, and availability of all electronic protected health information that it creates, receives, maintains, or transmits; (2) protect against any reasonably anticipated threats or hazards to the security or integrity of such information; (3) protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required; and (4) ensure compliance with this subpart by its workforce. It is questionable, however, whether any entity can ensure the confidentiality of electronically stored information or that every member of its workforce will comply with his or her confidentiality obligations. Moreover, while the Security Rule clearly articulates what covered entities and business associates must do to protect ephi, it does not provide much in the way of detail with regard to how they should do it. Causing additional room for uncertainty, HIPAA expressly authorizes a flexible approach to the Security Rule, permitting the use of any security measures that allow the covered entity or business associate to reasonably and appropriately implement the standards and implementations (of the Security Rule). It is tempting, therefore, to simply outsource as much IT as possible, sending it to the cloud. While HIPAA may permit the off-sourcing of IT tasks or services, it does not permit the off-sourcing of responsibility for HIPAA compliance. The HIPAA Security Rule requires that all covered entities and business associates implement policies and procedures to prevent, detect, contain, and correct security violations. This, in turn, 8

10 requires an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information. Any such assessment should now include an understanding of the risks of storing protected health information in the cloud generally and the specific security risks and safeguards of the chosen cloud provider. The risks associated with storing electronic protected health information in the cloud are not dissimilar from the risks associated with storing electronic protected health information locally. They include user error, system failure and susceptibility to outside intrusion. Putting the information in the cloud does not remove those risks, nor, in most cases, does it increase those risks. Instead, cloud based electronic protected health information requires different analysis when evaluating the risks. As a general rule, in order to help protect electronic protected health information it is important to (i) properly configure networks, particularly wireless ones; (ii) properly implement encryption of data; (iii) assign appropriate user access roles; and (iv) develop an appropriate bring your own devices (BYOD) policy. Other steps, however, may also be needed to comply with the requirements of the HIPAA Security Rule. Therefore, the relationship as outlined by the contracts between the various cloud providers and the organization must be carefully examined and understood. This means knowing a number of things about the entire cloud technology stack, including, but not limited to, (i) at what cloud provider is the electronic protected health information actually stored, (ii) how is that provider encrypting and/or otherwise restricting access to that electronic protected health information, and (iii) how is the electronic protected health information being transmitted 9

11 between providers and end uses and what types of access control, encryption and other security are being applied during that transmission. Covered entities and business associates must allow only authorized individuals access to electronic protected health information and must implement procedures to verify that a person or entity seeking access to ephi is the one claimed. Required measures include unique user names or numbers to identify and track user identity. Relatedly, user passwords should meet requirements with respect to (i) length, (ii) complexity, (iii) variation, and (iv) variety. Microsoft publishes its current recommendations with respect to those requirements (see, and also provides at password strength checker to test potential passwords (see, When a formerly authorized individual leaves an organization (or is transitioned to a role where her or she no longer requires access to ephi), his or her user account should be updated so that it no longer allows access to ephi. When using platform and infrastructure cloud providers, it is important to remember that traditional access rule standards still apply. In other words, it is important to consider who within your organization should have access to the "close to the metal" services such as the filesystem, the database, and user management and understand how will these peoples activities be tracked. Relatedly, it is important to understand which provider in the technology stack will be responsible for monitoring the stack for vulnerabilities and/or intrusions, as well as keeping each level of the stack up to date (e.g., will the cloud 10

12 provider be responsible for providing updates to the underlying operating system or will that be something that will require a separate IT consultant?) The Security Rule requires that covered entities and business associates establish and implement as needed contingency plans in the event of an emergency, disaster, or other event that damages systems that contain electronic protected health information. Any such plan must include data backup, disaster recovery, and emergency mode operation (for the protection of the security of ephi while operating in disaster mode). Covered entities and business associates must also ensure that electronic protected health information is not altered, modified, or destroyed. Having data stored with a cloud provider may mean that an organization does not need to have as robust system of local backups both on and off site, but it does not mean that the principles of good backups no longer apply. Instead, the organization must understand how the cloud provider backs up information (including frequency, redundancy, and verification), and how easy it is for the organization to access those backups when necessary. Furthermore, an organization must understand how a cloud provider's policies with regard to data access and backups could be impacted by natural disasters and other unforeseeable events. The Security Rule requires a regular review of records of information system activity, such as audit logs, access reports, and security incident tracking reports. Suspected or known security incidents must be identified, responded to, and, if possible, mitigated. It is important for organizations to understand who is responsible for monitoring the safety of their data in the cloud, when and how cloud providers will notify 11

13 it about potential security related incidents (e.g. will the cloud providers provide a control panel that displays information but that must be checked on a regular basis? Will the cloud providers send out updates in the event of a possible attack or breach? Will the cloud provider temporarily suspend service if it detects a breach attempt, in order to prevent a successful breach from occurring?) Although not mandated by the HIPAA Security Rule, entities hosting electronic protected health information in the cloud are well advised to encrypt their data. Recent Resolution Agreements between HHS and covered entities or business associates amply demonstrate the risk of loss or theft of unencrypted data. While such an event may be less likely to occur when data is housed in the cloud, as opposed to a hard drive or computer that can be lost or stolen, the failure to apply the full range of practical and available technological safeguards to electronic health information, may be viewed by regulators as part of a larger failure to assess risk, implement controls, and create a culture of compliance. The Security Rule, however, provides only a very general definition of encryption, as the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key (45 CFR ). Given this high level definition it can be difficult to determine if the electronic protected health information with which covered entities and business associates have been entrusted should be encrypted or is adequately encrypted. As with most aspects of the relationship between the cloud provider and the organization, it is important to carefully review contracts and service level agreements associated with all 12

14 levels of an organization s cloud provider stack to help determine where encryption should be implemented along the stack. The NIST provides its Advanced Encryption Standard ( AES ), with up to a 256-bit key, as a standard for how important data should be encrypted. Cloud computing provides a number of advantages and opportunities when compared to locally hosted servers. These include the ability to rapidly grow an organization s capacity without large upfront investment, to provide access to data across a variety of different platforms and from different locations, and to outsource some of the more difficult server maintenance tasks to providers who might have more experience and resources to deal with new and existing problems and threats. These benefits, however, do not come without some trade-offs, including a lack of direct control of how data is stored and protected. In the cloud is not a satisfactory answer for where and how electronic protected health information is being stored, transmitted, and used. Instead, an organization must understand its full cloud provider stack, from where the data is actually being stored through where it is displayed to authorized end users. This knowledge is different than what is necessary to repel outside network intrusions, but it is just as important when it comes to making sure an organization compiles with the various regulations that make up HIPAA s Security rule. Security Rule Audits After a brief hiatus, HHS s Office of Civil Rights is resuming HIPAA audits for fiscal year While the initial pilot phase of the audit program focused on covered entities, it appears that business associates will be covered in the next round. A recent 13

15 OIG report analyzing whether OCR met federal requirements for oversight and enforcement of the Security Rule concluded that OCR had failed to adequately assess whether audited entities had complied with the Security Rule and that OCR itself had not fully complied with cybersecurity requirements. While recognizing limitations in OCR s resources and their allocation to managing an increasing number of Security Rule investigations triggered by press reports and individual complaints, the OIG recommended that OCR perform the compliance audits mandated by HITECH to ensure Security Rule compliance. It appears likely, therefore, when these audits do begin, there will be an increased emphasis of Security Rule compliance, making it all the more important that covered entities and business associates remain mindful of meeting its requirements and keeping their heads, if not their data, out of the clouds. 14

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models. Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,

More information

IS PRIVATE CLOUD A UNICORN?

IS PRIVATE CLOUD A UNICORN? IS PRIVATE CLOUD A UNICORN? With all of the discussion, adoption, and expansion of cloud offerings there is a constant debate that continues to rear its head: Public vs. Private or more bluntly Is there

More information

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes

Cloud Computing. Course: Designing and Implementing Service Oriented Business Processes Cloud Computing Supplementary slides Course: Designing and Implementing Service Oriented Business Processes 1 Introduction Cloud computing represents a new way, in some cases a more cost effective way,

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics HIPAA SERIES Topics 1. 101 for Covered Entities 2. Standards - Administrative Safeguards 3. Standards - Physical Safeguards 4. Standards - Technical Safeguards 5. Standards - Organizational, Policies &

More information

The NIST Definition of Cloud Computing

The NIST Definition of Cloud Computing Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

The NIST Definition of Cloud Computing (Draft)

The NIST Definition of Cloud Computing (Draft) Special Publication 800-145 (Draft) The NIST Definition of Cloud Computing (Draft) Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS

BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS PRIVACY 27.0 BUSINESS ASSOCIATES AND BUSINESS ASSOCIATE AGREEMENTS Scope: Purpose: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud?

East African Information Conference 13-14 th August, 2013, Kampala, Uganda. Security and Privacy: Can we trust the cloud? East African Information Conference 13-14 th August, 2013, Kampala, Uganda Security and Privacy: Can we trust the cloud? By Dr. David Turahi Director, Information Technology and Information Management

More information

Kent State University s Cloud Strategy

Kent State University s Cloud Strategy Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

Overview of the HIPAA Security Rule

Overview of the HIPAA Security Rule Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this

More information

Capability Paper. Today, aerospace and defense (A&D) companies find

Capability Paper. Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find Today, aerospace and defense (A&D) companies find themselves at potentially perplexing crossroads. On one hand, shrinking defense budgets, an increasingly

More information

HIPAA Security Rule Compliance

HIPAA Security Rule Compliance HIPAA Security Rule Compliance Caryn Reiker MAXIS360 HIPAA Security Rule Compliance what is it and why you should be concerned about it Table of Contents About HIPAA... 2 Who Must Comply... 2 The HIPAA

More information

HIPAA Security Series

HIPAA Security Series 7 Security Standards: Implementation for the Small Provider What is the Security Series? The security series of papers provides guidance from the Centers for Medicare & Medicaid Services (CMS) on the rule

More information

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - 45 min Webinar: November 14th, 2014 The Cloud in Regulatory Affairs - Validation, Risk Management and Chances - www.cunesoft.com Rainer Schwarz Cunesoft Holger Spalt ivigilance 2014 Cunesoft GmbH PART

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro

Cloud definitions you've been pretending to understand. Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro Cloud definitions you've been pretending to understand Jack Daniel, Reluctant CISSP, MVP Community Development Manager, Astaro You keep using that word cloud. I do not think it means what you think it

More information

HIPAA Compliance Guide

HIPAA Compliance Guide HIPAA Compliance Guide Important Terms Covered Entities (CAs) The HIPAA Privacy Rule refers to three specific groups as covered entities, including health plans, healthcare clearinghouses, and health care

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

The Cloud vs. the Back-Office. Which is right for you?

The Cloud vs. the Back-Office. Which is right for you? The Cloud vs. the Back-Office Which is right for you? Introductions Andy Skrzypczak President NetSource One We help, guide and support frustrated and overwhelmed business owners who want Pain Free IT so

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

Security Is Everyone s Concern:

Security Is Everyone s Concern: Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito

More information

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

Cloud Computing and HIPAA Privacy and Security

Cloud Computing and HIPAA Privacy and Security Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices

More information

New HIPAA regulations require action. Are you in compliance?

New HIPAA regulations require action. Are you in compliance? New HIPAA regulations require action. Are you in compliance? Mary Harrison, JD Tami Simon, JD May 22, 2013 Discussion topics Introduction Remembering the HIPAA Basics HIPAA Privacy Rules HIPAA Security

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981!

What is Cloud Computing? First, a little history. Demystifying Cloud Computing. Mainframe Era (1944-1978) Workstation Era (1968-1985) Xerox Star 1981! Demystifying Cloud Computing What is Cloud Computing? First, a little history. Tim Horgan Head of Cloud Computing Centre of Excellence http://cloud.cit.ie 1" 2" Mainframe Era (1944-1978) Workstation Era

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014

Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September 2014 Validation of a Cloud-Based ERP system, in practice. Regulatory Affairs Conference Raleigh. 8Th September What is the The Cloud Some Definitions The NIST Definition of Cloud computing Cloud computing is

More information

Joe Dylewski President, ATMP Solutions

Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Joe Dylewski President, ATMP Solutions Assistant Professor, Madonna University 20 Years, Technology and Application Implementation Experience Served as Michigan Healthcare

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto

Cloud Computing: What needs to Be Validated and Qualified. Ivan Soto Cloud Computing: What needs to Be Validated and Qualified Ivan Soto Learning Objectives At the end of this session we will have covered: Technical Overview of the Cloud Risk Factors Cloud Security & Data

More information

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer

Securing the FOSS VistA Stack HIPAA Baseline Discussion. Jack L. Shaffer, Jr. Chief Operations Officer Securing the FOSS VistA Stack HIPAA Baseline Discussion Jack L. Shaffer, Jr. Chief Operations Officer HIPAA as Baseline of security: To secure any stack which contains ephi (electonic Protected Health

More information

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1

Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:

More information

HIPAA HANDBOOK. Keeping your backup HIPAA-compliant

HIPAA HANDBOOK. Keeping your backup HIPAA-compliant The federal Health Insurance Portability and Accountability Act (HIPAA) spells out strict regulations for protecting health information. HIPAA is expansive and can be a challenge to navigate. Use this

More information

Strategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager

Strategies for. Proactively Auditing. Compliance to Mitigate. Matt Jackson, Director Kevin Dunnahoo, Manager Strategies for 1 Proactively Auditing HIPAA Security Compliance to Mitigate Risk Matt Jackson, Director Kevin Dunnahoo, Manager AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois www.ahia.org

More information

Isaac Willett April 5, 2011

Isaac Willett April 5, 2011 Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Building Trust and Confidence in Healthcare Information. How TrustNet Helps

Building Trust and Confidence in Healthcare Information. How TrustNet Helps Building Trust and Confidence in Healthcare Information The management of healthcare information in the United States is regulated under the HIPAA (Health Insurance Portability and Accountability Act)

More information

Guidance on Risk Analysis Requirements under the HIPAA Security Rule

Guidance on Risk Analysis Requirements under the HIPAA Security Rule Guidance on Risk Analysis Requirements under the HIPAA Security Rule Introduction The Office for Civil Rights (OCR) is responsible for issuing annual guidance on the provisions in the HIPAA Security Rule.

More information

CLOUD COMPUTING GUIDELINES FOR LAWYERS

CLOUD COMPUTING GUIDELINES FOR LAWYERS INTRODUCTION Legal practices are increasingly using cloud storage and software systems as an alternative to in-house data storage and IT programmes. The cloud has a number of advantages particularly flexibility

More information

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK

CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK CLOUD COMPUTING, TRADE SECRET / KNOW-HOW & EUROPEAN LEGAL FRAMEWORK AIPPI 2012 SEOUL XX October 2012 Alexandra NERI, Partner, TMT, +33 1 53 57 70 70, alexandra.neri@hsf.com TOPICS What is cloud computing?

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

Why Lawyers? Why Now?

Why Lawyers? Why Now? TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business

More information

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005

HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a

More information

Healthcare Management Service Organization Accreditation Program (MSOAP)

Healthcare Management Service Organization Accreditation Program (MSOAP) ELECTRONIC HEALTHCARE NETWORK ACCREDITATION COMMISSION (EHNAC) Healthcare Management Service Organization Accreditation Program (MSOAP) For The HEALTHCARE INDUSTRY Version 1.0 Released: January 2011 Lee

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

HIPAA Security Overview of the Regulations

HIPAA Security Overview of the Regulations HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.

More information

HIPAA Security Checklist

HIPAA Security Checklist HIPAA Security Checklist The following checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR 164.300

More information

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

The HIPAA Audit Program

The HIPAA Audit Program The HIPAA Audit Program Anna C. Watterson Davis Wright Tremaine LLP The U.S. Department of Health and Human Services (HHS) was given authority, and a mandate, to conduct periodic audits of HIPAA 1 compliance

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

Executive Memorandum No. 27

Executive Memorandum No. 27 OFFICE OF THE PRESIDENT HIPAA Compliance Policy (effective April 14, 2003) Purpose It is the purpose of this Executive Memorandum to set forth the Board of Regents and the University Administration s Policy

More information

Regulatory Update with a Touch of HIPAA

Regulatory Update with a Touch of HIPAA Regulatory Update with a Touch of HIPAA Cloud Communications Alliance Quarterly Meeting Miami, January 2015 Glenn S. Richards, Partner Pillsbury Winthrop Shaw Pittman LLP Phone: 202.663.8215 glenn.richards@pillsburylaw.com

More information

TABLE OF CONTENTS. University of Northern Colorado

TABLE OF CONTENTS. University of Northern Colorado TABLE OF CONTENTS University of Northern Colorado HIPAA Policies and Procedures Page # Development and Maintenance of HIPAA Policies and Procedures... 1 Procedures for Updating HIPAA Policies and Procedures...

More information

HIPAA Compliance Review Analysis and Summary of Results

HIPAA Compliance Review Analysis and Summary of Results HIPAA Compliance Review Analysis and Summary of Results Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) Reviews 2008 Table of Contents Introduction 1 Risk

More information

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE

WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE WHITEPAPER XMEDIUSFAX CLOUD FOR HEALTHCARE AND HIPAA COMPLIANCE INTRODUCTION The healthcare industry is driven by many specialized documents. Each day, volumes of critical information are sent to and from

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

State HIPAA Security Policy State of Connecticut

State HIPAA Security Policy State of Connecticut Health Insurance Portability and Accountability Act State HIPAA Security Policy State of Connecticut Release 2.0 November 30 th, 2004 Table of Contents Executive Summary... 1 Policy Definitions... 3 1.

More information

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.

Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013.

Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Welcome. This presentation focuses on Business Associates under the Omnibus Rule of 2013. Business Associates have been part of the focus of the HIPAA regulations since 2003 when the privacy rule went

More information

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS

BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS BREVIUM HIPAA BUSINESS ASSOCIATE TERMS AND CONDITIONS The following HIPAA Business Associate Terms and Conditions (referred to hereafter as the HIPAA Agreement ) are part of the Brevium Software License

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose

More information

OCR UPDATE Breach Notification Rule & Business Associates (BA)

OCR UPDATE Breach Notification Rule & Business Associates (BA) OCR UPDATE Breach Notification Rule & Business Associates (BA) Alicia Galan Supervisory Equal Opportunity Specialist March 7, 2014 HITECH OMNIBUS A Reminder of What s Included: Final Modifications of the

More information

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Solution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045 Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

Verifying Correctness of Trusted data in Clouds

Verifying Correctness of Trusted data in Clouds Volume-3, Issue-6, December-2013, ISSN No.: 2250-0758 International Journal of Engineering and Management Research Available at: www.ijemr.net Page Number: 21-25 Verifying Correctness of Trusted data in

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information

What s New with HIPAA? Policy and Enforcement Update

What s New with HIPAA? Policy and Enforcement Update What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final

More information

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006 HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed

More information

Technology & Business Overview of Cloud Computing

Technology & Business Overview of Cloud Computing Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,

More information

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE

Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE Hosting for Healthcare: ADDRESSING THE UNIQUE ISSUES OF HEALTH IT & ACHIEVING END-TO-END COMPLIANCE [ Hosting for Healthcare: Addressing the Unique Issues of Health IT & Achieving End-to-End Compliance

More information

Montclair State University. HIPAA Security Policy

Montclair State University. HIPAA Security Policy Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that

More information

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE

SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE SURVEY OF ADAPTING CLOUD COMPUTING IN HEALTHCARE H.Madhusudhana Rao* Md. Rahmathulla** Dr. B Rambhupal Reddy*** Abstract: This paper targets on the productivity of cloud computing technology in healthcare

More information

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information