HIPAA Compliant Cloud Computing Platforms

Cloud computing platforms include online storage, databases, servers, and other computing solutions on the “cloud.” If you use cloud computing to store and manage data for your medical services, find out which tools are HIPAA-compliant in order to keep patient data safe and secure. JotForm is a cloud-based online form builder, meaning all your forms and submissions can be accessed from any computer or mobile device as long as you’re signed into your account. Plus, our integrations with apps such as Google Drive, Dropbox, and Box let you seamlessly send data to your cloud accounts without violating HIPAA or disclosing PHI.

Listing 13 Results for “Cloud Computing Platforms”

Carbonite

Carbonite uses internal privacy and security provisions to safeguard medical information. These services support HIPAA requirements, as long as healthcare customers sign a Business Associate Agreement.

HIPAA requires business associates to implement risk management measures that protect the integrity, confidentiality, and availability of patient information. Carbonite meets this standard through real-time monitoring, a secure firewall, encryption, a vulnerability management program, and a formal incident response process for information security threats.

Physical security measures include restricted access at Carbonite’s facilities, so only authorized employees, third parties, and visitors can enter. Twenty-four-hour security includes both interior and exterior cameras as well as an alarm system and an electronic card access control system.

Additionally, Carbonite restricts access to software programs, allowing only authorized employees access. When a customer needs to dispose of data, authorized individuals wipe the drive, then complete a full write of the drive and a full read to ensure it is blank.

Carbonite uses vendors that maintain HIPAA-compliant practices, ensuring the same privacy standards for all Carbonite services.

You must have a Carbonite Safe Pro subscription for HIPAA compliance. The BAA provides contractual assurances that Carbonite understands and implements strategies for safeguarding PHI. Carbonite Safe Pro also gives administrators access to view user activity and logins.

Since HIPAA regulations can be challenging to navigate, Carbonite provides a HIPAA handbook to guide customers in keeping their backups HIPAA compliant.

RingCentral

RingCentral is a HIPAA-compliant option that healthcare organizations can use to transmit and store patient health information. As a cloud service provider, RingCentral takes a proactive approach in ensuring privacy and safety for all communications.

The service boasts a “seven layers of security” approach to securing data that transfers through their services. These seven layers include physical, network, data, host, business process, application, and enterprise-level security measures.

Available HIPAA security measures include transmission security in the form of transport layer security (TLS) and secure real-time transport protocol (SRTP). This encryption means that information is secure at rest and when in motion. Infrastructure security uses vulnerability scans, firewalls, user authentication, and intrusion detection. Additionally, RingCentral data centers have state-of-the-art security protocols with onsite guards and electronic prevention systems.

Healthcare customers must implement proper security measures using the features listed above. Employee training is another important element to ensure the team is using these cloud services in a HIPAA-compliant manner.

When a healthcare organization uses these services with patient health information, RingCentral is classified as a business associate. Therefore, healthcare organizations using RingCentral services must obtain a signed business associate agreement (BAA). RingCentral offers its own BAA, which customers can obtain by contacting their personal representative.

23andMe

23andMe isn’t HIPAA compliant because the Health Insurance Portability and Accountability Act (HIPAA) only applies to healthcare organizations and providers, such as physicians, insurance companies, hospitals, and applicable business associates. HIPAA doesn’t apply to private genetic testing and genealogy services, such as 23andMe and other similar businesses. These services aren’t considered covered entities.

Current HIPAA privacy laws were in place before genetic privacy became a concern. HIPAA laws don’t protect personal data shared with genealogy testing providers. The collection of genetic information gives 23andMe more sensitive information than a healthcare provider or a doctor. Unfortunately, HIPAA doesn’t hold these genetic testing services to the same standard of confidentiality as covered entities.

Few restrictions are in place outside of HIPAA to protect genetic data. For example, the government might access genetic information in private or public databases if national security is at risk. Individuals who contribute DNA to 23andMe could face law enforcement scrutiny if a relative’s genetic data provides probable cause in a criminal investigation. (23andMe only releases clients’ information to law enforcement upon receipt of a court order.)

23andMe also collects other information through social media and real-time tracking of online activity. The company uses this data for marketing. It also shares customer information for research, as long as customers consent to participate in its research efforts.