HIPAA compliance has presented challenges to the health care industry since before cloud computing was even an option, and for many years left “both client organizations and cloud vendors without clear guidance on how to comply” in the context of the cloud, as Thomas Trappler wrote for ComputerWorld. The 2013 update to HIPAA is a large step towards bringing it up to date, however. And now that HIPAA’s catching up with the times, you must catch up with its rules. Here are four ways CipherCloud’s cloud data privacy platform can help.
1. It puts control over compliance back in your hands.
As we’ve mentioned in this blog time and time again, cloud data privacy and regulatory compliance demand control: control over your data, control over how and when you protect your data, and control over the encryption keys that can unlock your data. The update to HIPAA does seem to make cloud providers directly liable for compliance as “business associates” transmitting protected health information (PHI), as Trappler observed, but that doesn’t negate organizations’ own responsibility to remain compliant. CipherCloud’s cloud data privacy platform, encompassing robust data discovery, granular encryption and tokenization of PHI, and exclusive enterprise access to encryption keys, puts that control back in your hands even when your PHI is housed by a third party.
2. It enables you to quickly identify discovery issues and get back into compliance.
Control is impossible without knowledge. With the tools CipherCloud’s cloud data privacy solution provides, you can gather that knowledge. You need to know who’s accessing your data, and how. Only then can you know whether there are ways for unauthorized personnel to view or download PHI, and if there are, how to address the problems. Finding this out quickly means that you can get back into compliance quickly, too.
3. It integrates with existing DLP solutions to ward off insider threats.
Malicious insiders aren’t the only internal threats to your continued HIPAA compliance. Unfortunately, sometimes well-meaning employees with access to PHI make mistakes. Perhaps they put PHI in an email destined for someone who shouldn’t see it, or include it in attachments that may end up outside your organization. CipherCloud’s cloud data privacy platform can complement your existing DLP solutions, catching those mistakes before they become a problem, or at least making it easier to identify the source of the leak afterwards.
4. It provides clear audit trails.
As with all regulatory compliance, auditing plays a significant role in HIPAA compliance. HIPAA requires a clear audit trail; CipherCloud’s cloud data privacy platform provides that with robust, centralized logging of all your users’ activities in the cloud. And since cloud regulatory compliance is a moving target, this logging provides a valuable resource for not only compliance audits, but also the ongoing job of maintaining compliance.
This year’s update to HIPAA provides clearer guidance than ever on how health care organizations using the cloud must approach the privacy of the data in their possession. That guidance alone isn’t enough without the right tools, however. CipherCloud’s tools are purpose-built for regulatory compliance in the cloud, making them ideal for enterprises that want to benefit from the cloud’s efficiency, elasticity, and economies of scale while mitigating the risks of handing data over to third parties.
How has the HIPAA update affected your data privacy policies? Let us know in the comments.