HIPAA Guidelines & Cloud Service Providers

Written by Natalie Bluhm on March 4, 2018

Let’s talk about HIPAA guidelines and how they relate to cloud service providers. Recently, a new cybersecurity recommendation report for Health and Human Services (HHS) was released by the Healthcare Industry Cybersecurity Task Force (HCIC). In the report, the HCIC makes a number of recommendations to HHS on how to increase cybersecurity for organizations that interact with healthcare data.
Healthcare is just one of the many industries that could benefit from better and more specific guidelines and more streamlined regulations. The HCIC and a handful of industry people tackled this by coming up with a number of recommendations on how to improve the state of cybersecurity in healthcare.
We took a look through the report and found that the HCIC took a holistic approach to solving healthcare’s difficult and complex cybersecurity challenges.

HCIC Recommendations

Their recommendations spanned from creating clearer guidance to reforming web regulations in areas that affect healthcare. The HCIC also made specific recommendations for medical device vendors and patient data processors.
Some recommendations also addressed software security vendors and how they can support healthcare institutions. The HCIC emphasized a focus on existing systems and the need to make sure these legacy systems are not left behind when system updates roll out (Recommendation 2.1.3).
Another recommendation called attention to creating better controls over who has access to patient data and ensuring that those who access patient data are really who they say they are (Recommendation 2.4).

HCIC Embraces Cloud Service Providers

The task force also decided to embrace the cloud and managed service providers. This stemmed from the realization that smaller healthcare organizations often do not have the resources to fully staff a credible cybersecurity group. It is critical that these smaller organizations consider leveraging third-party solutions, like Directory-as-a-Service®, in order to support and meet these security guidelines (Recommendations 3.3 and 3.4).
Right now, the HCIC report is only a set of recommendations for the HHS to consider incorporating into their cybersecurity policies. It would be wise for the healthcare industry to pay attention to their advice, and work toward getting ahead of the curve. Many of the recommendations in the report are excellent security practices, and if an organization is able, they should try to implement these ideas where appropriate.

Increase your Cybersecurity with CIAM

Thank you for reading about HIPAA guidelines and cloud service providers. If you are interested in learning about how our cloud identity and access management service (CIAM) can help your organization get ahead of the curve, we would love to talk to you. If you’re interested in finding out how we approach security, you can find our security practices here. You can also start testing our user management, device management, password management, and MFA by signing up for our free account. Your first ten users are free forever.