TurtleBytes attended its first AWS (Amazon Web Services) Phoenix Meetup Group last week, hosted by Choice Hotels in North Phoenix, AZ. The hot topic for the evening was an overview of HIPAA compliance, presented by ClearDATA.
Healthcare information is very valuable, and it actually ranked #1 in data breaches in the first six months of 2015.
HIPAA's Security Rule protects the confidentiality, integrity and availability of health information that is stored or transmitted in electronic form, known as ePHI (electronic protected health information). The Security Rule does not apply to information that is shared orally or on paper; that information is still protected health information, but it falls under the Privacy Rule rather than the Security Rule.
The Security Rule requires covered entities and their business associates to maintain reasonable and appropriate safeguards for ePHI. These fall into three categories: administrative, physical and technical safeguards.
When a suspected breach is discovered, it must be investigated, following a process of isolating the affected systems, identifying the source, remediating and reporting. Attempted attacks that did not actually expose ePHI are not reportable breaches, but they should still be logged internally. For an actual breach, the reporting obligation depends on how many individuals are affected: a breach affecting fewer than 500 individuals must be logged and reported to HHS annually, while a breach affecting 500 or more individuals must be reported to HHS without unreasonable delay and no later than 60 days after discovery, and prominent media outlets must be notified as well. Affected individuals must be notified in either case.
Penalties vary with the severity of the violation: civil penalties start at $100 per violation, and criminal penalties for knowingly misusing PHI reach up to $250,000 in fines and 10 years of imprisonment. To find out whether you are a covered entity, you can use the decision tool on CMS.gov to determine whether you need to comply with HIPAA before you get fined!
At the time of the talk, AWS offered 9 HIPAA-eligible services, meaning services covered under its Business Associate Agreement (BAA); only those services may be used to store or process ePHI under the BAA.