August 13, 2021 By Vidyasagar Machupalli 3 min read

Learn how to enable HIPAA support for your account to protect health data.

With the rapidly expanding volume of personal information in the cloud, including Protected Health Information (PHI), it is critical to describe how the cloud is secured through key services such as authentication, authorization, auditing, and end-client access.

Overview

The US Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act define standards for handling electronic healthcare transactions and information. If you or your company is a covered entity as defined by HIPAA, you must enable the HIPAA Supported setting if you run sensitive workloads that are regulated under HIPAA and the HITECH Act. Learn more about IBM Cloud compliance at Compliance on the IBM Cloud.

A quick intro to IBM Cloud 

IBM’s public cloud is a suite of cloud computing services that offers an extensive array of IaaS and PaaS capabilities to help enhance the security, accessibility and usability of clients’ business-critical needs. IBM Cloud leverages strategic services from third-party IBM Business Partners.

With IBM Cloud Infrastructure as a Service (IaaS), organizations can deploy and access virtualized IT resources — such as compute, storage and networking resources — remotely using the internet. For compute, organizations can choose bare metal or virtual server instances. 

With IBM Cloud Platform as a Service (PaaS), developers can use IBM services to create, deploy, run and manage various types of applications, including those used for HIPAA-compliant workloads. Developers can leverage various programming languages supported by IBM Cloud, including Java, Node.js, PHP, Go and Python.

HIPAA-ready vs HIPAA-neutral services 

HIPAA-ready, as used in this post, simply means the offering is ready to accept HIPAA data. HIPAA compliance, as distinguished from HIPAA-ready, involves actually meeting the HIPAA requirements on an ongoing basis. The client is responsible for its own compliance to the extent it has control over elements of compliance, and it is the client’s responsibility to understand, assess and comply with its applicable requirements.

A list of HIPAA-ready IBM Cloud services can be found at the IBM Cloud Compliance site. Other IBM Cloud services not listed may also be HIPAA-ready, have readiness in progress or have been deemed HIPAA-neutral. HIPAA-neutral means a capability that operates without implicating HIPAA. For instance, IBM Cloud has several PaaS services that are HIPAA-ready or may be HIPAA-neutral based on the inherent nature of the service.

Some of the HIPAA-ready announcements:

Enable HIPAA support for your account

Accounts that enable the HIPAA Supported setting still have access to the full catalog of services. IBM Cloud services typically offer multiple plans. The HIPAA Enabled label on a service can apply to all available plans or be limited to specific plans or configurations. You, as the client, are solely responsible for limiting PHI to HIPAA Enabled product plans and architecting in accordance with HIPAA and HITECH.

  1. Navigate to https://cloud.ibm.com and log in to your account.
  2. Go to Manage > Account, and select Account settings in the console.
  3. For the HIPAA Supported option, click On.
  4. Read the information about enabling this setting.
  5. Select Accept, and click Submit. Remember, you can’t disable the setting after you enable it.

Enabling this setting has the following effects:

  • Enables you to filter on HIPAA Enabled services in the catalog.
  • Indicates to IBM that your account stores protected health information (PHI).
  • Digitally accepts the IBM Business Associate Addendum (BAA) for covered entities.

After you enable the HIPAA Supported setting, you can use the HIPAA Enabled filter to find products that are HIPAA enabled. In the IBM Cloud catalog, expand the Compliance section and select HIPAA Enabled.

Governing resource configuration for platform services

If you are a security or compliance focal, you can use the IBM Security and Compliance Center to define configuration rules for the platform services that you’re working with in IBM Cloud. With IBM Cloud Security and Compliance Center, you can embed security checks into your everyday workflows to help monitor for security and compliance.

Config rules are used to enforce the configuration standards that you want to implement across your accounts. A configuration rule is a JSON document that defines the configuration of resources. With the IBM Cloud Security and Compliance Center, you can create rules for specific IBM Cloud resource types to govern the way that resources in your account can be provisioned or configured. Refer to security and compliance config rule to understand what makes up a rule, the services to which a rule can be applied and answers to other questions.

What’s next?

If you have any queries, feel free to reach out to me on Twitter or on LinkedIn.
