HIPAA Compliant Cloud Security Architecture
Covered entities and their business associates build applications on a HITECH- and HIPAA-compliant cloud security architecture, one that provides secure, scalable, low-cost IT components on which to architect those applications.
Choose an infrastructure platform with industry-recognized certifications and audits, such as ISO 27001, FedRAMP, and the Service Organization Control reports (SOC 1, SOC 2, and SOC 3).
To help ensure the integrity and safety of customer data, choose a platform that has multiple layers of operational and physical security.
Choose CSPs that enable covered entities and their business associates subject to HIPAA to securely process, store, and transmit PHI.
Questions to consider
Is your HIPAA cloud data security architecture designed according to an industry standard (e.g. CDSA, MULTISAFE, CSA Trusted Cloud Architectural Standard, FedRAMP CAESARS)?
If the service offering in scope includes IaaS, do you provide clients with guidance on how to create suitable production and test environments?
If the service offering in scope includes IaaS, do you provide customers with guidance on how to create secure isolated environments using your virtualized solution?