Cloud
Security
August 13, 2021 By Vidyasagar Machupalli 3 min read

Learn how to enable HIPAA support for your account to protect health data.

With the rapidly expanding volume of personal information in the cloud, including Protected Health Information (PHI), it is critical to describe how the cloud is secured via critical services such as authentication, authorization, auditing, and end-client access.

Overview

The US Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act define standards for handling electronic healthcare transactions and information. If you or your company is a covered entity as defined by HIPAA, you must enable the HIPAA Supported setting if you run sensitive workloads that are regulated under HIPAA and the HITECH Act. Learn more about IBM Cloud compliance at Compliance on the IBM Cloud.

A quick intro to IBM Cloud 

IBM’s public cloud is a suite of cloud computing services that offers an extensive array of IaaS and PaaS capabilities to help enhance the security, accessibility and usability of clients’ business-critical needs. IBM Cloud leverages strategic services from third-party IBM Business Partners.

With IBM Cloud Infrastructure as a Service (IaaS), organizations can deploy and access virtualized IT resources — such as compute, storage and networking resources — remotely using the internet. For compute, organizations can choose bare metal or virtual server instances. 

With IBM Cloud Platform as a Service (PaaS), developers can use IBM services to create, deploy, run and manage various types of applications, including those used for HIPAA-compliant workloads. Developers can leverage various programming languages supported by IBM Cloud, including Java, Node.js, PHP, GO and Python.

HIPAA-ready vs HIPAA-neutral services 

HIPAA-ready, as used in this post, simply means the offering is ready to accept HIPAA data. HIPAA compliance, as distinguished from HIPAA-ready, involves actually meeting the HIPAA requirements on an ongoing basis. The client is responsible for its own compliance to the extent it has control over elements of compliance, and it is the client’s responsibility to understand, assess and comply with its applicable requirements.

A list of HIPAA-ready IBM Cloud services can be found at the IBM Cloud Compliance site. Other IBM Cloud services not listed may also be HIPAA-ready, have readiness in-progress or have been deemed HIPAA-neutral. HIPAA-neutral means a capability which operates without implicating HIPAA. For instance, IBM Cloud has several PaaS services that are HIPAA-ready or may be HIPAA-neutral based on the inherent nature of the service.

Some of the HIPAA-ready announcements:

Enable HIPAA support for your account

Accounts that enable the HIPAA Supported setting still have access to the full catalog of services. IBM Cloud services typically offer multiple plans. The HIPAA Enabled label on a service can apply to all available plans or be limited to specific plans or configurations. You, as the client, are solely responsible for limiting PHI to HIPAA Enabled product plans and architecting in accordance with HIPAA and HITECH.

  1. Navigate to https://cloud.ibm.com and log into your account.
  2. Go to Manage > Account, and select Account settings in the console.
  3. For the HIPAA Supported option, click On.
  4. Read the information about enabling this setting.
  5. Select Accept, and click Submit. Remember, you can’t disable the setting after you enable it.

Enabling this setting has the following effects:

  • Enables you to filter on HIPAA Enabled services in the catalog.
  • Indicates to IBM that your account stores protected health information (PHI).
  • Digitally accepts the IBM Business Associate Addendum (BAA) for covered entities.

After you enable the HIPAA Supported setting, you can use the HIPAA Enabled filter to find products that are HIPAA enabled. In the IBM Cloud catalog, expand the Compliance section and select HIPAA Enabled.

Governing resource configuration for platform services

If you are a security or compliance focal, you can use the IBM Security and Compliance Center to define configuration rules for the platform services that you’re working with in IBM Cloud. With IBM Cloud Security and Compliance Center, you can embed security checks into your every day workflows to help monitor for security and compliance.

Config rules are used to enforce the configuration standards that you want to implement across your accounts. A configuration rule is a JSON document that defines the configuration of resources. With the IBM Cloud Security and Compliance Center, you can create rules for specific IBM Cloud resource types to govern the way that resources in your account can be provisioned or configured. Refer security and compliance config rule to understand what makes up a rule, the services to which the rule be applied and answers to other questions.

What’s next?

If you have any queries, feel free to reach out to me on Twitter or on LinkedIn

Was this article helpful?
YesNo
Vidyasagar Machupalli
Sr. Solutions Architect & Cloud Deployment Leader

More from Cloud
May 9, 2024

24 IBM offerings winning TrustRadius 2024 Top Rated Awards

2 min read - TrustRadius is a buyer intelligence platform for business technology. Comprehensive product information, in-depth customer insights and peer conversations enable buyers to make confident decisions. “Earning a Top Rated Award means the vendor has excellent customer satisfaction and proven credibility. It’s based entirely on reviews and customer sentiment,” said Becky Susko, TrustRadius, Marketing Program Manager of Awards. Top Rated Awards have to be earned: Gain 10+ new reviews in the past 12 months Earn a trScore of 7.5 or higher from…

May 8, 2024

Helping enterprises across regulated industries leverage hybrid cloud and AI

3 min read - At IBM Cloud, we are committed to helping enterprises across industries leverage hybrid cloud and AI technologies to help them drive innovation. For true transformation to begin, we believe it is key to understand the unique challenges organizations are facing—whether it is keeping data secured, addressing data sovereignty requirements or speeding time to market to satisfy consumers. For those in even the most highly regulated industries, we have seen these challenges continue to grow as they navigate changing regulations. We…

May 8, 2024

Migration Acceleration Program for IBM Cloud

2 min read - The cloud has emerged as a transformative technology platform, offering flexibility, scalability and cost-effectiveness. Enterprise cloud migration strategies seek to be business-driven with an integrated technology, operational and financial adoption plan. Knowing where you are, where you are going, and how you get there is critical to sustainable success. Building an end-to-end plan with confidence can be a daunting undertaking, and enterprise leaders find it challenging to design and execute a cloud migration plan. To address these challenges, we continue…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters