
Azure & HIPAA HITECH Compliance: Four Configuration Safeguards for Your Data

by Rob Curls
Solutions Consultant, Concerto Cloud Services

Many companies are looking to get out of the datacenter business and onto services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client-server workloads. For organizations in the healthcare industry that adhere to HIPAA and HITECH standards, there are a few keys to safeguarding their sensitive data.

Microsoft supports running workloads with Electronic Protected Health Information (EPHI) in Azure, but as discussed in an earlier article, it is important to understand their stance on Business Associate Agreements (BAAs) and the shared risk model. In this model, the customer bears the burden of configuring the environment, or ensuring their service providers adhere to HIPAA and HITECH standards.

Therefore, in this article, we discuss four key safeguards an organization can take when deploying workloads into Azure. The federal government does not spell out in black and white what HIPAA and HITECH require; instead, it requires an organization to implement safeguards that are reasonable for its size. The keys below are some of the safeguards a mid-market healthcare organization would be expected to implement to protect personal data.

Disable access from external networks or encrypt data in transit

By default, Azure Virtual Machines allow Remote Desktop Services (RDS) and Remote PowerShell connections directly from the internet. Administrators can easily disable this, and should, to prevent access from external networks. If there is a need to publish access directly over the internet, all data in transit should be encrypted via SSL. For traffic between a client site and an Azure virtual network, customers can use either a site-to-site VPN or an ExpressRoute connection.

Monitor ...


About Rob Curls

As a Solutions Consultant for Concerto Cloud Services, my primary focus is educating customers on technologies that are available and designing solutions that will achieve their strategic objectives. With a focus on cloud solutions, my responsibilities include architecting complex workloads utilizing best-of-breed technology and service providers, developing and presenting in-person and online presentations and demonstrations with customers and industry experts, as well as working with our team to ensure we stay on the cutting edge as a cloud service provider.

With more than 14 years of technology experience, I have a diverse background which has enabled me to work in challenging industries such as Healthcare, Professional Services, and Defense. I've consulted organizations ranging in size from small startups to large globally dispersed organizations, and I'd love the opportunity to sit down and discuss your needs.
