Keeping compliance requirements for a system up-to-date can be hard and time-consuming—the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI), the European Union, etc. all have their own standards to follow for data transmission and storage. It can take a great deal of time and effort to ensure that your environment complies with these standards. When it comes to HIPAA compliance, the ability to isolate and keep data private is especially important. Dedicated Cloud Compute has a recommended architecture for HIPAA compliance that ensures that many of the HIPAA standards are met. Below you can see a visual of the architecture, along with the corresponding HIPAA requirements that each part contributes to.
HIPAA 164.312(c)(1) | Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. |
HIPAA 164.310(d)(1) | Create a retrievable, exact copy of ePHI, when needed, before movement of equipment. |
HIPAA 164.312(a)(1) | Assign a unique and/or number for identifying and tracking user identity. |
HIPAA 164.312(a)(1) | Implement a mechanism to encrypt and decrypt ePHI. |
HIPAA 164.312(e)(1) | Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of. |
HIPAA 164.312(e)(1) | Implement a mechanism to encrypt ePHI whenever deemed appropriate. |
HIPAA 164.312(c)(1) | Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. |
HIPAA 164.312(b) | Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. |
HIPAA 164.312(c)(1) | Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. |
HIPAA 164.312(e)(1) | Implement a mechanism to encrypt ePHI whenever deemed appropriate. |
HIPAA 164.312(c)(1) | Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. |
HIPAA 164.312(b) | Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. |
HIPAA 164.312(c)(1) | Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. |
HIPAA 164.312(e)(1) | Implement a mechanism to encrypt ePHI whenever deemed appropriate. |
HIPAA 164.312(a) | Implement a mechanism to encrypt and decrypt ePHI. |
The Lumen Products and Services illustrated in this document are guidelines for implementing a HIPAA compliant solution using Dedicated Cloud Compute. Attaining overall HIPAA compliance remains the responsibility of the Customer.