HIPAA Compliant Cloud for Sensitive Health Data

Cloud environments offer flexibility, elasticity, and low-cost compute infrastructure. Electronic health records (EHRs), however, must be hosted on infrastructure that satisfies several IT compliance regimes covering security, data persistence, and restore. To let customers bring sensitive medical data into the cloud, we made the IBM Watson Health Cloud (WHC) compliant with the U.S. federal regulation governing electronic health records. This paper briefly outlines how we built a HIPAA (Health Insurance Portability and Accountability Act) compliant cloud computing environment. We focus on the HIPAA Privacy and Security Rules for protecting Protected Health Information (PHI) and use encryption for data in motion and data at rest. To meet HIPAA requirements for data persistence, we implement data backups, an archiving service, and a disaster recovery plan. We also discuss the challenges and lessons learned in implementing the diverse set of compliance features that HIPAA requires in the IBM WHC cloud.