Note: This blog was specifically written to match the keyword “cloud computing data security.” It is formatted according to client specifications.
The [platform as a service] is equipped with the latest advances in cloud computing data security, so you can take advantage of everything cloud storage has to offer. [PaaS] allows medical practitioners to easily and securely share protected health information (PHI) within HIPAA regulations.
What are the concerns?
The Omnibus Final Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) strengthens the privacy and security protections for health information. Any person or business that maintains and/or transmits PHI must ensure that the tools it is using are compliant with regulations. If businesses or individuals are not compliant with these regulations, they face stringent penalties.
What is [PaaS]?
[Client] created [PaaS] to accommodate this ruling. This unique data storage enclave is dedicated to PHI only, so covered entities and their associates can use the secure [product] platform to process, maintain and store this sensitive information. There are several safeguards to support HIPAA compliance.
Audit controls allow users to review account activity, including usage and access information. Each end user should sign up for an account using a unique email address, and account administrators on the customer side will have total authorized access to accounts. After five failed login attempts, [PaaS] locks a user out for five minutes, and customers can configure a session timeout to automatically log users out after a period of inactivity.
[PaaS] also handles all encryption and decryption of files. All in-transit files are sent directly over a Secure Sockets Layer (SSL)- or Transport Layer Security (TLS)-encrypted segment using high-grade encryption with at least 128-bit key strength. At-rest files are stored using the Advanced Encryption Standard (AES) with a 256-bit key. If you’re not a technical person, these complicated-sounding acronyms mean one thing: your data is safe with us.
[PaaS] conducts regular internal audits and performs HIPAA-related risk assessments to maintain the system’s compliance with all regulations. In the event of a disaster, our data centers provide redundant physical and environmental controls, and we maintain copies of customer files to prevent data loss in an emergency. The application and storage tiers are hosted in geographically separate, secure SSAE 16-accredited data centers. Access to these buildings and the physical servers is restricted, regulated and monitored to ensure that all PHI is safely protected. [PaaS] also deploys a mirrored environment in a geographically separate data center for added redundancy.
As a responsible professional in the healthcare industry, it is your duty to ensure that any PHI is transmitted safely and securely. But you don’t have to forgo the tools that make communication so much easier. [PaaS] works hard, so you don’t have to.