Azure and Healthcare in Harmony
Partners in Health was in dire need of a technical foundation on which to build a collaboration and document management solution. We operated in 8 countries with 1,500 employees located in some of the most remote, poorest regions of the world. We required online/offline capabilities that work over low bandwidth. Microsoft Office 365 and Azure was the only solution that could meet our demanding needs.
We required a solution that would allow us to replace our data centers with cloud services. By adopting the cloud with strict rules in place, we mitigate our risk. It is not “fire and forget”, however; it is a two-way street with ownership on both sides to ensure compliance.
HIPAA regulates healthcare providers that store and transmit PHI and their business associates (who may store or transmit PHI). Electronic Protected Health Information is referred to as ePHI.
From a technical point of view
• HIPAA compliance revolves around the encryption requirements & guidelines for the storage & transmission of data containing PHI
• Data is categorized as either “data at rest” (in a database, file share, etc.) or “data in transit” (email, etc.)
• It’s not a federal legal requirement by HIPAA that data at rest be encrypted
• In the event of a “breach” (loss or interception of data containing PHI):
♦ If the data at rest or the data in transit is not encrypted, there can be severe and public reporting requirements as well as significant fines, depending on the size of the breach and the number of PHI records involved.
♦ If you encrypt your data at rest and in transit, the breach notification and reporting requirements are significantly reduced.
♦ Azure offers a form of contractually defined indemnification and shared responsibility with customers who are either covered entities or the business associates of covered entities. These contracts are referred to as a “Business Associate Addendum” or “Business Associate Agreement” contract (BAA)
♦ For a covered entity or business associate that uses HIPAA-compliant services to be HIPAA compliant:
1. You must have a signed BAA on file with Azure
2. You must implement and follow the guidelines that Azure defines in its HIPAA security implementation guides for the services defined in the BAA
3. Use of HIPAA-compliant services without both of these components does not guarantee HIPAA compliance
♦ Use of Azure and Office 365 services, including SharePoint Online, Exchange Online, etc., that manage patient data as defined by HIPAA will be covered under the Microsoft Business Associate Addendum (BAA)
♦ Only the HIPAA-eligible services defined in the Microsoft BAA can be used to process, store, and transmit PHI/ePHI
Partnering with Microsoft and implementing the 365 stack with Azure has strengthened our technology footprint, allowing us to better serve the poor and sick.