Compliance in the Cloud – HIPAA


Today many companies are looking to move their applications and workflows to the Cloud in order to realize benefits such as minimizing cost, reducing IT overhead, and enterprise scalability.

Some of these solutions are required to maintain compliance with HIPAA, which creates concern when hosting in a public cloud platform such as AWS or Microsoft Azure. The good news is that both of these major public cloud providers have solutions for applications that require this sort of compliance.

Solutions that handle Protected Health Information (PHI) must maintain HIPAA compliance and are required to manage a number of safeguards at the administrative, technical, and physical levels. Some examples of these safeguards include:

  • Administrative
    • Privacy Officer Assignment
    • Annual Risk Assessments
    • Policies and Procedures
    • Employee Training
    • Establish a Business Associate Agreement (BAA) with all partners involved
  • Technical
    • Transmission Security
    • Access Control
    • Auditing
  • Physical
    • Facility Access Controls
    • Workstation compliance
    • Device and Media handling

Typically, administrative safeguards are handled when a company accesses the PHI, technical controls are handled by the applications that manage this data, and physical safeguards are handled by parties that have physical access to the infrastructure.

Next, we will look at how AWS and Azure provide a platform to host HIPAA compliant applications as each provider meets HIPAA compliance at the Physical level.

AWS is a large player in the public cloud platform sector, and it provides the mechanisms to host a HIPAA compliant solution. AWS does provide a Business Associate Agreement (BAA) by request, but requires that you host your application in dedicated instances. Dedicated instances are costlier than shared instances, but guarantee that your VM is isolated and does not share resources with other VMs. Also, AWS requires that a VPC must be employed, and that their S3 and EBS services should be used to process and store PHI. Applications are required to handle encryption of the data in transit, auditing, and access controls.
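The two hosting requirements listed above (dedicated tenancy and a VPC) can be checked against an instance inventory. The following is an added example, not code from the article or from AWS: it audits JSON shaped like `aws ec2 describe-instances` output, and the sample data and the `DataClass=PHI` tag convention are assumptions made for illustration.

```python
# Constructed sample, shaped like the JSON that `aws ec2 describe-instances` returns.
# Instance IDs, VPC IDs and the DataClass=PHI tag are made up for this example.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "VpcId": "vpc-0example1",
     "Placement": {"Tenancy": "dedicated"},
     "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
    {"InstanceId": "i-0bbb0000000000002", "VpcId": "vpc-0example1",
     "Placement": {"Tenancy": "default"},
     "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
    {"InstanceId": "i-0ccc0000000000003",          # no VpcId: not in a VPC
     "Placement": {"Tenancy": "dedicated"},
     "Tags": [{"Key": "DataClass", "Value": "PHI"}]},
    {"InstanceId": "i-0ddd0000000000004", "VpcId": "vpc-0example1",
     "Placement": {"Tenancy": "default"},
     "Tags": [{"Key": "DataClass", "Value": "public"}]},
]}]}

REQUIRED_TENANCY = "dedicated"   # the article's stated requirement for PHI workloads
PHI_TAG = ("DataClass", "PHI")   # hypothetical tagging convention (assumption)


def audit_phi_instances(describe_output, phi_tag=PHI_TAG):
    """Return (instance_id, problem) pairs for PHI-tagged instances that
    miss the tenancy or VPC requirement described in the article."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(phi_tag[0]) != phi_tag[1]:
                continue  # not marked as handling PHI; out of scope here
            iid = inst["InstanceId"]
            tenancy = inst.get("Placement", {}).get("Tenancy", "default")
            if tenancy != REQUIRED_TENANCY:
                findings.append(
                    (iid, f"tenancy is '{tenancy}', expected '{REQUIRED_TENANCY}'"))
            if not inst.get("VpcId"):
                findings.append((iid, "not launched in a VPC"))
    return findings


if __name__ == "__main__":
    for instance_id, problem in audit_phi_instances(SAMPLE):
        print(f"{instance_id}: {problem}")
```

Untagged instances are skipped by this check, so it is only as reliable as the tagging of PHI workloads; tag coverage needs its own review.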

Azure is another large public cloud platform, and also provides the ability to host a HIPAA compliant solution. Azure provides a BAA to all customers that are part of their Microsoft Online Subscription program, which is essentially any customer that is part of their Pay-as-you-go or Volume License agreements. Azure also provides HIPAA compliance for most of their Platform-as-a-Service (PaaS) offerings, such as Azure SQL Database, Azure Service Bus, and Azure Cloud Services. This creates an advantage when hosting HIPAA compliant solutions in Azure, as their BAA covers most of their IaaS, PaaS, and SaaS offerings. As with AWS, Azure requires that the applications handle certain measures such as encryption, auditing, and access controls.

AWS and Azure, the top two public cloud platforms, each provide a platform for hosting a HIPAA compliant solution. Each certifies its platform at the physical level, and requires the customer to handle compliance at the administrative and technical levels. As such, certain architectures and security measures should be used to ensure that the application meets HIPAA compliance.

For more information on how you can host your HIPAA application in the cloud, please reach out to Ad Victoriam Solutions.

Unlocking Affordable and Scalable Hybrid Cloud Integration


In this article, we will focus on how using Azure Logic Apps can provide an effective and affordable iPaaS solution for companies of any size – a Hybrid Cloud Integration.

Companies today, large and small, are using a mixture of on-premise and SaaS applications to run their business. Systems such as an ERP, POS, or a home-grown application will live within the company’s four walls, while services such as Salesforce, QuickBooks Online, and Office 365 will live in a cloud-based environment.

One of the challenges that many companies face is integrating on-premise and cloud systems, so that data can flow between the two systems and prevent duplication or inconsistencies.

Introducing the Azure Enterprise Cloud Solution

Microsoft Azure, the cloud platform from Microsoft, provides what is called an “Integration Platform as a Service” (or iPaaS) to integrate across enterprise and cloud systems. With Azure’s cloud-based suite of integration tools and services, companies can connect disparate systems, automate processes, and integrate with partners using hybrid cloud solutions (on-premise to SaaS, SaaS to SaaS, PaaS to SaaS, etc.). As with all of the Azure offerings, their iPaaS tools provide enterprise-class solutions with the ability to scale up and down with the company’s needs, allowing companies to pay only for what is utilized.

Azure Logic Apps are part of the iPaaS tool suite, and make integrating disparate data sources achievable, scalable, and affordable. Many connectors are provided free of charge to allow the Logic App to connect different SaaS systems (list of available connectors), and you have the ability to create your own connectors as well. These connectors provide the ability to trigger a Logic App to run, and they are also used to perform actions (or operations) within that Logic App.

Example Case Study

As an example scenario, let’s say that we would like to integrate Salesforce Accounts into an on-premise ERP system, and provide a two-way integration.  The first Logic App would be created using the Salesforce connector, with the trigger of “When an Object is created/updated” using the object class Account, and the action would be to send an API call to the on-premise ERP system to update the Customer record associated with the Salesforce Account.  The second Logic App would be created in the reverse order, listening for new/updated Customers from the ERP, and using the Salesforce connector to push that change to Salesforce.  This would provide near real-time integration between Salesforce and the ERP system for Accounts and Customers.

This real-world scenario is just a simple example of how the Azure iPaaS can provide an affordable and scalable integration solution for on-premise and cloud systems. For more information on hybrid cloud solutions and how they can solve your integration challenges, please contact Ad Victoriam Solutions, or call (77) 691-1642 and ask for Eric Philips.