Dedicated Cloud Compute HIPAA Architecture

Easily Meet HIPAA Requirements

Keeping a system's compliance requirements up to date can be hard and time-consuming: the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI), the European Union, etc. all have their own standards to follow for data transmission and storage. It can take a great deal of time and effort to ensure that your environment complies with these standards. When it comes to HIPAA compliance, the ability to isolate data and keep it private is especially important. Dedicated Cloud Compute has a recommended architecture for HIPAA compliance that ensures that many of the HIPAA standards are met. The architecture is shown below, along with the HIPAA requirements that each part contributes to.


Dedicated Cloud Compute HIPAA Architecture
A. Dedicated Managed Firewall Service with Intrusion Detection and Prevention

HIPAA 164.312(c)(1) Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.

B. Data Protect Encrypted Backup Service

HIPAA 164.310(d)(1) Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.

C. Managed Active Directory Service with Custom Rules

HIPAA 164.312(a)(1) Assign a unique name and/or number for identifying and tracking user identity.

D. Vormetric Encryption and Key Management

HIPAA 164.312(a)(1) Implement a mechanism to encrypt and decrypt ePHI.
HIPAA 164.312(e)(1) Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.

E. Managed VPN with Two-Factor Authentication

HIPAA 164.312(e)(1) Implement a mechanism to encrypt ePHI whenever deemed appropriate.

F. Managed Threat Management Security Scanning and Penetration Testing

HIPAA 164.312(c)(1) Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.

G. Integrity Monitoring (Tripwire)

HIPAA 164.312(b) Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
HIPAA 164.312(c)(1) Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
HIPAA 164.312(e)(1) Implement a mechanism to encrypt ePHI whenever deemed appropriate.

H. Managed Intrusion Detection and Prevention (IDS/IPS)

HIPAA 164.312(c)(1) Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.

I. Log Management

HIPAA 164.312(b) Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
HIPAA 164.312(c)(1) Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
HIPAA 164.312(e)(1) Implement a mechanism to encrypt ePHI whenever deemed appropriate.

J. Custom Storage Array (SAN)

HIPAA 164.312(a) Implement a mechanism to encrypt and decrypt ePHI.

The CenturyLink Products and Services illustrated in this document are guidelines for implementing a HIPAA compliant solution using Dedicated Cloud. Attaining overall HIPAA compliance remains the responsibility of the Customer.