6 keys to selecting a cloud vendor for healthcare data
As healthcare organizations continue to move toward cloud-based data hosting services, they face multiple regulations for how to handle and secure protected health information.

For example, virtually all healthcare providers, insurers and business associates understand their obligations under the HIPAA privacy, security and breach notification rules. But how many of these entities know that storing, processing or otherwise handling credit card information falls under standards established by the Payment Card Industry? Cloud hosting vendor iland offers a checklist for healthcare data security compliance in the cloud, as well as for credit card standards, which could include significant fines for noncompliance.
Rules everywhere
Consider the role the cloud plays in complying with HIPAA regulations. Requirements, among others, include securing physical access to the facility storing data; encrypting sensitive information at all times regardless of the device that data is coming from or going to; pre-planning backup and data recovery documentation; securing disconnects of inactive sessions; ensuring vendor familiarity with HIPAA rules; and implementing audit controls and documentation to demonstrate compliance.
Evaluate your cloud vendor
Cloud vendors being considered should be well-versed in the above requirements. Healthcare providers should purchase analyst reports and get referrals from application and network vendors already serving the organization.
Quiz time
When meeting with prospective vendors, bring a checklist to ensure all questions are answered. Expect an intense conversation, not an email exchange. Often, the significant costs of a data breach are not the HIPAA violation fines imposed by regulators, but the negative publicity and loss of patient or customer faith.
Conduct a walk-through
Arrange to tour the facilities of prospective vendors and request detailed analyses of compliance-related processes. Some considerations to include are qualities of the vendor, compliance technologies in place, reporting capabilities available and compliance-oriented customer support. For example, compliance professionals should be available to meet the team, show applicable certifications, know how to align procedures with regulatory requirements that include final disposal of sensitive data, and be willing to discuss compliance and security procedures directly with the customer’s auditors.
Time to roll out
Develop comfort with the chosen vendor through a rollout plan. Work with the vendor to decide how best to configure workloads to ensure compliance. Consider starting with the least sensitive workloads or less compliance-critical information systems to see how well the compliance framework is working.
Don’t settle
From the beginning, ensure the vendor has the organization’s compliance and audit needs in mind. The vendor should put the organization’s needs first and should have clearly demonstrated throughout the process that it wants the healthcare organization to benefit from the cloud.
More information
The complete checklist from iland is available here.