HIPAA compliant cloud for sensitive health data

Abstract

Cloud environments offer flexibility, elasticity, and low cost compute infrastructure. Electronic health records (EHRs) require infrastructure which is regulated under several IT compliances with security and data persistence and restore. To enable customers to bring sensitive medical data in the cloud, we enabled the IBM Watson Health Cloud (WHC) for compliance with the U.S. federal electronic health record regulation. This paper briefly outlines how we create HIPAA- (Health Insurance Portability and Accountability Act) compliant cloud computing. We focus on the privacy and security rules for protecting Protected Health Information (PHI) and use data encryption for data-in-motion and data-At-rest. To meet HIPAA requirements for data persistence, we implement data back-ups, archiving service and disaster recovery plan. In this paper, we discuss various challenges and lessons learned for implementing the diverse set of compliance features required by HIPAA in the IBM WHC cloud.