Quick, Simple HIPAA Reporting and Management for Public Cloud Computing Environments
The Health Insurance Portability and Accountability Act (HIPAA) requires all HIPAA covered businesses to prevent unauthorized access to “Protected Health Information” or PHI. PHI includes patients’ names, addresses, and all information pertaining to the patients’ health and payment records. According to the US Department of Health and Human Services (HHS), “HIPAA Rules apply to covered entities and business associates.” Complete compliance with HIPAA guidelines requires implementation of basic and advanced security measures. Basic security includes benchmark-based password creation and use, personnel education and training, limited access to PHI, data encryption, use of firewalls, antivirus software, and digital signatures.
HHS has issued guidance on HIPAA and cloud computing. Their instructions are clear and comprehensive, essentially confirming that HIPAA rules extend to cloud service providers and their business associates, and that HIPAA covered entities or business associates may use a cloud service to store or process ePHI data. As such, organizations that use public cloud services to process and maintain HIPAA data must comply with the regulation.
For organizations that are subject to HIPAA and operate in a public cloud computing environment, the shared responsibility model of cloud computing must also be a key component of a cloud security and compliance strategy. The model stipulates that cloud service providers are responsible for securing the underlying infrastructure that supports the cloud, while their customers are responsible for security in the cloud. Adherence to the shared responsibility model does not negate an organization’s responsibility to also embrace HIPAA.
For organizations that handle protected health information (PHI) and operate in a public cloud environment, adherence to both HIPAA and the shared security model is a must. Fortunately, RedLock is here to help organizations meet both requirements.
RedLock automatically discovers cloud resources as soon as they are created, and then immediately profiles them to understand which policies to assess for HIPAA compliance.
Compliance and security teams can easily view, monitor and report on the HIPAA compliance status of all public cloud environments, quickly noting resources that pass and fail the HIPAA requirements.
RedLock continuously monitors cloud computing resources for violations and automatically alerts the appropriate teams for remediation.
RedLock not only enables you to report on your current HIPAA compliance posture, but also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods.
RedLock’s custom compliance dashboard enables organizations to create their own control panel to view and manage HIPAA compliance, including a summary for all your public cloud computing environments. With RedLock, you can easily and quickly see the number of resources passing and failing compliance checks.
During an audit, organizations are asked to prove compliance for a given time period. This poses significant challenges in public cloud computing environments where users are constantly making changes without a security review. RedLock enables you to report on your current compliance posture, including HIPAA, and also maintains historical snapshots of your environment, enabling you to prove compliance for any past periods as well.
Get a demo to see how RedLock can help you and your organization with compliance assurance, including HIPAA, security governance, and SOC enablement.