Welcome!

@CloudExpo Authors: William Schmarzo, Elizabeth White, Liz McMillan, Pat Romanski, Yeshim Deniz

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, @DXWorldExpo

@CloudExpo: Article

Changing Standards for Online Healthcare Data – HIPAA & the Cloud

The safety of personal healthcare information on the cloud continues to be an important topic

Just a few months ago I wrote a blog post about healthcare data on the cloud (HIPPA Cloud Storage) and the security concerns surrounding this very sensitive and valuable data. I mentioned that as with many industries, more healthcare data is being moved to the cloud, but the healthcare industry has remained a few paces behind others in terms of securing online data.

The safety of personal healthcare information on the cloud continues to be an important topic, specifically in regards to government-issued guidelines. There are new requirements going into effect this year that expand on how HIPAA and HITECH standards regulate healthcare data on the cloud.

HIPAA & Cloud Security
For years, HIPAA has required healthcare organizations to maintain confidentiality of electronic health information that can be linked back to an individual. More recently, HITECH provisions further strengthened HIPAA penalties and criminal enforcement.

This year's new provision to HIPAA, known as the Omnibus final rule, has its compliance date coming up in September 2013. There are important implications for vendors that are involved in any way with storing, transmitting or otherwise handling personal healthcare records. Anyone involved in those capacities is now known as a "Business Associate" and is therefore subject to the compliance regulations put forth in HIPAA. Those not compliant with HIPAA rules are subject to various penalties, including fines, as in the case of the recently announced Wellpoint fine.

As I have written about before, both "Covered Entities" (Healthcare providers, etc.) and Business Associates looking to leverage cloud services but keep sensitive patient information within their full control have been leveraging a new class of technologies known as Cloud Data Protection Gateways. These gateways intercept sensitive data while it is still on-premise, encrypts or replaces it with a random token and protects the data whether at rest, in transit or on the cloud. Encryption and Tokenization techniques deployed within these gateways are a viable solution to help organizations stay compliant.

As industry and government regulations surrounding HIPAA and the cloud continue to impact cloud users and providers, I will keep this blog up to date on changes and on solutions to stay on top of requirements.

Read the original blog entry...


PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Industry after industry is under siege as companies embrace digital transformation (DX) to disrupt existing business models and disintermediate their competitor’s customer relationships. But what do we mean by “Digital Transformation”? The coupling of granular, real-time data (e.g., smartphones, connected devices, smart appliances, wearables, mobile commerce, video surveillance) with modern technologies (e.g., cloud native apps, big data architectures, hyper-converged technologies, artificial intelligence, blockchain) to enhance products, processes, and business-decision making with customer, product and operational insights.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.
CloudEXPO has been the M&A capital for Cloud companies for more than a decade with memorable acquisition news stories which came out of CloudEXPO expo floor. DevOpsSUMMIT New York faculty member Greg Bledsoe shared his views on IBM's Red Hat acquisition live from NASDAQ floor. Acquisition news was announced during CloudEXPO New York which took place November 12-13, 2019 in New York City.
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and workloads, including Microsoft Azure. We are excited to partner with JBS and look forward to a long and successful relationship.
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, software or hardware development, or doctoral degree in a sector poised for explosive growth.