Yes, Docker and other serverless technologies can be used in HIPAA compliant environments. HIPAA does not require a specific type of infrastructure and cloud-based container services can be be configured in a HIPAA compliant manner.
Knowledge Center
The latest resources for HIPAA compliance, cloud computing, and cybersecurity
HIPAA FAQs
Who needs to comply with HIPAA?
Covered Entities (including health providers, health plans) and Business Associates (including healthcare vendors and digital health companies) are responsible for following complying with HIPAA and The Privacy Rule.
Both Covered Entities and Business Associates are responsible for implementing all required HIPAA safeguards when interacting with protected health information (PHI).
Who enforces HIPAA?
The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy and Security Rules.
What are the penalties for violating HIPAA?
Violations can result in fines as well as jail time and criminal penalties in certain circumstances. Fines or civil money penalties (CMPs) for HIPAA violations are based on a tiered structure, and increase based on the number of effected patients and amount of neglect. The amount of the penalty is at the discretion of HHS OCR.
The penalty guidelines are outlined as followed:
| Violation | Amount per violation | Maximum annual penalty |
|---|---|---|
| Did Not Know | $100 – $50,000 | $1,500,000 |
| Reasonable Cause | $1,000 – $50,000 | $1,500,000 |
| Willful Neglect — Corrected | $10,000 – $50,000 | $1,500,000 |
| Willful Neglect — Not Corrected | $50,000 | $1,500,000 |
Source: HHS, Federal Register.gov
Does signing a Business Associates Agreement (BAA) make my organization HIPAA compliant?
A Business Associates Agreement (BAA) dictates how a business associate (BA) operates and deals with protected health information (PHI). These agreements typically state how the business associate will maintain compliance and lays out responsibilities for both sides. Most cloud platforms, including Amazon Web Services (AWS) and Google Cloud Platform (GCP) operate on a “Shared Responsibility” model, where the cloud provider, as well as your organization are responsible for specific safeguards.
Although it is recommended you sign a BAA with service partners who will be storing PHI, BAAs do not automatically make your organization compliant. Your organization’s internal policies, procedures, and review of administrative, physical, and technical safeguards is an important responsibility that ultimately helps dictate if your organization is in compliance.
Is there a certification for HIPAA Compliance?
Unfortunately there is no official certification for HIPAA compliance. Organizations must consistently address and monitor physical, technical, and administrative safeguards to stay in compliance.
Dash Integrates SOC 2 Standards: Provides Path to SOC 2 Readiness
Dash has integrated the latest SOC 2 standards, including the latest AICPA 2017 Trust Services (TSC) into the Dash ComplyOps platform, enabling teams in AWS and Azure to quickly achieve SOC 2 Type II.
Read more
How To Select a SOC 2 Auditor
SOC 2 audits can only performed by an AICPA affiliated firm. Learn about requirements and best practices for selecting a SOC 2 Auditor, performing assessment, and receiving SOC 2 reports.
Read more
SOC 2 and The Trust Services Criteria (TSC)
SOC 2 evaluates teams based on set of controls defined in the Trust Services Criteria (TSC). Learn about the 5 categories of security controls and requirements for SOC 2 compliance.
Read moreJoin a community of healthcare innovators
Learn how Dash unlocks healthcare in the cloud
Request A Demo