HIPAA the Cloud

These days we face the problem of the internet and changes to important information, such as health information, including our billing information. To combat this problem, the United States passed the HIPAA act in 1996. HIPAA stands for the Health Insurance Portability and Accountability Act. It is meant to cover the protection of health information and protect you from fraud, and also to ensure the confidentiality of your personal information, which, if compromised, can lead to fraud in any sector.

Because of this act, computer servers must maintain information in an approved HIPAA compliant manner, or face serious fines and punishment when later implicated in white-collar crimes, such as credit card fraud and identity theft. A good example of this came in the form of the Target Corporation, whose security was compromised, leading to 70 million people having their private identity information compromised.

In the wake of incidents such as the Target security breach, the United States Congress has amended HIPAA to include the new Final Security Rule, which governs the processes of storing valuable personal health information (PHI). As Symform states, the rule can also be applied to backup and disaster recovery services, like those the company offers. In particular, Symform offers policies that establish clear access control, technology and procedures to restrict access to PHI, and locked and restricted areas in which PHI is stored. They also provide appropriate data backup, emergency operation strategies, and disaster recovery, along with technical security mechanisms, like encryption to protect data transmitted over a network.

In the world of virtualization, also known as the Cloud, which is used for both storage and backup services, there are three primary options: IaaS (infrastructure as a service), PaaS (platform as a service), and SaaS (software as a service). SaaS is the most abstract of the three, and is the one you may already be using, as in the simple example of Gmail. You are not hosting your own email server; instead you are accessing the server through your browser-as-client. SaaS is geared toward end users and doesn't require much to get started, since the provider works out how many servers and virtual machines are needed, along with everything else, including the network equipment. So, you just point your browser at it.

IaaS is the opposite of SaaS. With this choice you remain in control of the software environment, while the provider supplies the storage and other resources as your organization needs them. This is made easier thanks to virtualization technologies, which separate the virtual machines from the physical drives. PaaS falls in the middle, between the raw pieces of IaaS and the finished product of SaaS, and gives your developers tools and hooks to develop on the particular platform you choose.

Which of the three primary HIPAA compliant clouds to use depends on how much control you wish to keep entirely in your hands. If that's as much as possible, IaaS is your best choice. If you would rather it just work and do what it's supposed to, then SaaS is your best alternative. If you would like a mix of the two, try out PaaS.
