IBM Cloud HIPAA Guidance provides the framework for how clients can deploy HIPAA-ready systems and applications on IBM public cloud.
As the volume of personal information (including Personal Health Information) in the cloud continues to grow, security is a top priority for organizations that are on the cloud or migrating to it. How the cloud secures core services such as authentication, authorization, auditing and end-client access becomes critical.
The IBM Cloud HIPAA guide provides a high-level overview of the requirements, examples of architecture designs (as shown below) and descriptions of the shared responsibilities across the various stakeholders: healthcare entity, development firm and cloud solution provider.
The intended audience of this guide is IBM Cloud clients who require their IBM Cloud environment and applications to be HIPAA-ready. Readers should be familiar with the HIPAA law, and technical readers should have knowledge of Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) architecture.
IBM Cloud clients must independently analyze their environments and use cases to verify that their own control environment meets the requirements set forth by HIPAA, and cannot rely solely on this guide.