Established cloud platforms like AWS have a number of certifications and security programs that organizations can take advantage of.
Public cloud platforms offer hundreds of managed services that organizations can utilize to build solutions quickly.
Public cloud platforms allow organizations to pay for only the services they need and to scale out to large services when the time comes.
Organizations can build applications using almost any major technology when using a public cloud platform.
For any cloud solution used for storing, analyzing, and/or transmitting protected health information (PHI), your organization must sign and execute a Business Associate Agreement (BAA). This agreement details the breakdown of HIPAA responsibilities between your organization and the cloud provider.
A BAA should also be signed for all software that will store, analyze, or transmit PHI. So if your team will store PHI in Dropbox, CRM platforms or other services, you must have a signed BAA with those software vendors as well.
Your cloud provider’s BAA dictates which services can or cannot be used in a HIPAA-compliant manner. For example, some organizations may have covered services for specific product lines or software packages.
Only services covered under the cloud BAA should be utilized with PHI. Organizations such as Amazon Web Services (AWS) have a large list of HIPAA-eligible services. Your team can utilize BAA-covered services to store and handle PHI.
Regardless of the selected cloud provider, your organization has specific HIPAA responsibilities. Your organization must create a set of HIPAA administrative policies that dictate standard operating procedures for implementing, reviewing, and managing compliance safeguards.
Your team must also implement all technical safeguards not provided or set up by your cloud provider. This includes encryption, backup and recovery, and audit logging solutions. It is possible to build a non-compliant solution on a HIPAA-compliant cloud provider.
The Dash Compliance Automation Platform offers organizations a single solution for configuring and monitoring HIPAA compliance in Amazon Web Services. With Dash, your organization can build HIPAA-compliant applications in your own AWS account. Dash automates many regulatory requirements to ensure a HIPAA-compliant cloud. All Dash installations include:
Custom administrative policies – Dash generates all necessary HIPAA administrative policies based around your organization.
Continuous compliance monitoring – Dash scans and monitors your cloud environment for compliance issues and provides triage and remediation for compliance concerns.
Real-time compliance notifications – Dash provides real-time notifications about your organization’s security and compliance profile.
Dash is built around a team of compliance and cloud experts. We provide HIPAA cloud solutions that enable organizations to easily configure and manage HIPAA in Amazon Web Services, the market-leading cloud platform.
HIPAA/HITECH Compliance Experts
Security Plans Tailored To Your Organization
Compliance Built Around Your Cloud and Infrastructure
Amazon Web Services (AWS) Advanced Partner