a

HIPAA Compliance in the Cloud

Joel Garcia Joel Garcia has been building AllCode since 2015. He’s an innovative, hands-on executive with a proven record of designing, developing, and operating Software-as-a-Service (SaaS), mobile, and desktop solutions. Joel has expertise in HealthTech, VoIP, and cloud-based solutions. Joel has experience scaling multiple start-ups for successful exits to IMS Health and Golden Gate Capital, […]

HIPAA Compliance for digital health startups is important.

In this blog post, we’ll define HIPAA, PHI, and HIPAA Compliance. We’ll then provide practical examples of PHI. We will specify some steps that need to be taken to secure PHI in a cloud environment. We’ll then begin to discuss some of the 3rd party vendors that offer different compliance solution.
The HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral. The Privacy Rule calls this information protected health information (PHI)2.
Practical examples of PHI are

  • Patient names
  • Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
  • Dates — Including birth, discharge, admittance, and death dates.
  • Telephone and fax numbers
  • Email addresses
  • Social Security numbers
  • Driver’s License information
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certification/license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Device identifiers and serial numbers
  • Names of relatives
  • Internet Protocol (IP) address numbers
  • Biometric identifiers — including finger and voice prints.
  • Full face photographic images and any comparable images.

When your cloud application makes use of PHI, then your cloud application must take additional security steps to protect the PHI. These steps include:

  • Managing encryption at rest and in transit.
  • Encrypting database backups
  • Centralized Access Control system to audit who has access to the the PHI

There is a also a compliance angle to HIPAA. You can tell a vendor that you are compliant, but how do you prove it? In order to demonstrate HIPAA Compliance. You will invariably need to sign a Business Associate Agreement (BAA). The BAA will attest that the PHI provided to you will be protected, audited, used by professionals are educated on PHI, and have documented processes. You will need the following:

  • Automated Risk Assessment
  • Policy Procedures
  • Training for your workforce.
  • Incident Response Tool - Policy in place.
  • Intrusion detection software.

There are a number of different options in the cloud:
Aptible -  https://www.aptible.com - HIPAA Compliant Docker Container Solution
TrueVault - https://www.truevault.com - HIPAA Compliant Secure API to Store Health Data.
ClearDATA - https://www.cleardata.com - Healthcare Management Platform that resides on AWS.
AWS Snowball - https://aws.amazon.com/snowball/ - AWS Snowball enables you to to transfer large amounts of data, including Protected Health Information, into and out of the AWS Cloud in a secure and cost-effective manner

Joel Garcia
Joel Garcia

Joel Garcia has been building AllCode since 2015. He’s an innovative, hands-on executive with a proven record of designing, developing, and operating Software-as-a-Service (SaaS), mobile, and desktop solutions. Joel has expertise in HealthTech, VoIP, and cloud-based solutions. Joel has experience scaling multiple start-ups for successful exits to IMS Health and Golden Gate Capital, as well as working at mature, industry-leading software companies. He’s held executive engineering positions in San Francisco at TidalWave, LittleCast, Self Health Network, LiveVox acquired by Golden Gate Capital, and Med-Vantage acquired by IMS Health.

Related Articles

The Difference Between Amazon RDS and Aurora

The Difference Between Amazon RDS and Aurora

AWS does incorporate several database services that offer high performance and great functionality. However, customers do find the difference between Amazon Relational Database Service and Amazon Aurora. Both services do provide similar functions, but do cover their own use cases.

AWS Snowflake Data Warehouse Pricing Guide

AWS Snowflake Data Warehouse Pricing Guide

AWS Snowflake Data Warehouse – or just Snowflake – is a data cloud built for users to mobilize, centralize, and process large quantities of data. Regardless of how many sources are connected to Snowflake or the user’s preferred type of organized data used, data is easily stored and controllably shared with selectively-authorized access. Snowflake does offer extensive control over its pricing, though how it works isn’t always clear.

Guide to Cost Factors for Amazon’s RDS Pricing

Guide to Cost Factors for Amazon’s RDS Pricing

Addressing the question of what influences Amazon RDS costs, it’s important to note that Amazon sports a complex pricing model. While the pay-for-what-you-use model seems straightforward, there are nuanced aspects to consider. Factors such as data usage and the choice of computing components can swiftly deplete one’s budget allocation. However, this doesn’t mean that AWS is inherently costly. With proper planning and a deep understanding of the contributing elements to billing, users can navigate and optimize their expenses effectively.

Download our 10-Step Cloud Migration ChecklistYou'll get direct access to our full-length guide on Google Docs. From here, you will be able to make a copy, download the content, and share it with your team.