HIPAA Compliant Cloud for Sensitive Health Data

Valentina Salapura

Abstract

Cloud environments offer flexibility, elasticity, and low cost compute infrastructure. Electronic health records (EHRs) require infrastructure which is regulated under several IT compliances with security and data persistence and restore. To enable customers to bring sensitive medical data in the cloud, we enabled the IBM Watson Health Cloud (WHC) for compliance with the U.S. federal electronic health record regulation. This paper briefly outlines how we create HIPAA- (Health Insurance Portability and Accountability Act) compliant cloud computing. We focus on the privacy and security rules for protecting Protected Health Information (PHI) and use data encryption for data-in-motion and data-at-rest. To meet HIPAA requirements for data persistence, we implement data back-ups, archiving service and disaster recovery plan. In this paper, we discuss various challenges and lessons learned for implementing the diverse set of compliance features required by HIPAA in the IBM WHC cloud.

References

  1. U.S. Department of Health & Human Services, 1996. “Health Insurance Portability and Accountability Act” HIPAA. [Online]. Available: https://aspe.hhs.gov/ report/health-insurance-portability-and-accountabilityact-1996.
  2. US Department of Education, 1974. “Family Educational Rights and Privacy Act (FERPA),” 1974. [Online]. Available: https://www2.ed.gov/policy/gen/guid/fpco. /ferpa/index.html?src=rn.
  3. Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M., 2010. “A View of Cloud Computing,” Communications of the ACM, vol. 53, no. 4, 2010.
  4. Miller, F. P., Vandome, A. F., and McBrewster, J., 2010. Amazon Web Services. Alpha Press.
  5. SoftLayer. [Online]. Available: http://www.softlayer.com/ Schweitzer, E. J., 2012. Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of the American Medical Informatics Association vol. 19 no. 2.
  6. Rodrigues, J. J., de la Torre, I., Fernández, G., LópezCoronado, M., 2013. “Analysis of the Security and Privacy Requirements of Cloud-Based Electronic Health Records Systems,” Journal of Meical Internet Research, vol. 15, no. 8.
  7. Awad, A., Sakr, S., Elgammal, A., 2015. “Compliance Monitoring as a Service: Requirements, Architecture and Implementation,” International Conference on Cloud Computing (ICCC).
  8. Khan, K. M., Bai, Y., 2013. “Automatic Verification of Health Regulatory Compliance in Cloud Computing,” 15th International Conference on e-Health Networking, Applications & Services, IEEE.
Download


Paper Citation


in Harvard Style

Salapura V. (2017). HIPAA Compliant Cloud for Sensitive Health Data . In Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-243-1, pages 596-602. DOI: 10.5220/0006356705960602


in Bibtex Style

@conference{closer17,
author={Valentina Salapura},
title={HIPAA Compliant Cloud for Sensitive Health Data},
booktitle={Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2017},
pages={596-602},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006356705960602},
isbn={978-989-758-243-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - HIPAA Compliant Cloud for Sensitive Health Data
SN - 978-989-758-243-1
AU - Salapura V.
PY - 2017
SP - 596
EP - 602
DO - 10.5220/0006356705960602