Your Healthcare, Your Cloud, and HIPAA
Healthcare companies once considered the idea of managing any computing activities in the cloud a distant future due to ever-tightening standards of patient privacy. But software development and testing workloads are as well suited to the cloud, and as secure there, for health industry enterprises as for other complex businesses.
Since the HIPAA Omnibus rule was released, and recently finalized, covered entities or business associates of covered entities can more readily utilize cloud providers. Skytap’s HIPAA-ready offering of Environments as a Service (EaaS) is a low-cost, scalable, and secure platform to create and maintain your development and test environments. In line with the requirements of HIPAA, Skytap can enter into a Business Associates Agreement (BAA) to promote a software partner’s readiness for current healthcare IT and data security standards, thereby securing end patients’ or customers’ protected health information (PHI).
Much like other compliance programs, HIPAA compliance in the cloud is a shared responsibility between the cloud service provider (CSP) and the customer. The shared responsibility model allows each party to easily understand security and compliance requirements.
The chart below shows a sample of HIPAA requirements and responsibility assignments between the customer and Skytap.* These requirements, as well as others, will be reviewed as part of the BAA. Note that part of our customers’ compliance may be reliant on utilizing certain features built into the Skytap application (e.g. account access controls, monitoring, etc.).
When cloud solution and infrastructure providers are as serious about security, access controls, and compliance with HIPAA standards as the best healthcare industry organizations, there is no reason why software development and testing can’t get a shot in the arm of agility thanks to ready environments.
*Disclaimer: Although Skytap’s internal security practices and product features promote our customers’ HIPAA compliance, this does not constitute a complete compliance program for our customers.