A HIPAA, Dippa Cloud
If you have anything to do with health care, you know more than you ever wanted about HIPAA, the regulation that is supposed to ensure patient privacy.
The cloud raises a few issues in regard to HIPAA. First, is the data secure? Second, does the provider provide true HIPAA protections? IT outfit Logicalis is offering advice on what to look for in a cloud provider to meet HIPAA demands. Most of it is fairly obvious -- well, obvious once it is all put into words. (Hey, I would have thought of that!) According to Logicalis, a cloud provider should:
- Have someone dedicated to making sure your app meets regulations.
- Have controls so access is given only to those authorized.
- Have policies that ensure HIPAA-level privacy and security.
- Make sure data is encrypted both at rest on the servers and in transit.
- Make sure disaster recovery is proven to work.
- And monitor your apps for possible intrusions.
This all sounds great, but it's also a decent checklist for any app that needs a modicum of security.
I believe in HIPAA, but the doctors' offices I go to must not have read the memo. I've been in waiting rooms where a patient comes in, and in a loud voice the receptionist asks what the patient is there for. "Methadone," the patient says.
"METHADONE!" the patient replies.
You call that privacy?
Posted by Doug Barney on 04/05/2011 at 12:47 PM