
Cloud, HIPAA and the IT Healthcare Revolution

Date post: 22-Jan-2018
Upload: iland-infrastructure
© 2013 VMware Inc. All rights reserved Cloud, HIPAA and the IT Healthcare Revolution: HIPAA and HITECH - Implications for Corporate Compliance January 2016
Transcript


Welcome and Introductions


Lilac Schoenbeck, VP Product Marketing

Frank Krieger, Director of Compliance

HIPAA and HITECH

Quick History of HIPAA

HIPAA was established in 1996

• Provides the ability to transfer and continue health insurance coverage

• Reduces health care fraud and abuse

• Mandates industry-wide standards for health care information on electronic billing and other processes

• Requires the protection and confidential handling of protected health information

Quick History of HITECH

HITECH Act was enacted in 2009

• HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information

• Provided guidance for use of 3rd party cloud services through use of Business Agreements

Overarching IT Requirements of HIPAA and HITECH Compliance

Patient Privacy

Physical Security

Data Security

Oversight and Governance

Vendor Verification – Procurement Management

Patient Privacy

Explanation of usage of patient information

Notification of changes to privacy policies and statements

Restrict access to those requiring it

Physical Security

Data center access

Physical and removable media

Staff and guest access controls

Data Security

Access Control

• Role based

• Limited access

• Testing

Encryption

• At rest

• In transit

Breach Notifications

• Encryption is HUGE here

Oversight and Governance

Perform risk evaluations

Maintain system logs

Track changes and service requests

Show remediation activities through incident and problem processes

Perform training

Vendor Verification – Procurement Management

Request 3rd Party Auditor Reports

Perform semi-annual audits of your suppliers

Perform DR and other tests to check readiness of suppliers

iland’s HIPAA/HITECH Solutions

iland delivers a breadth of cloud services

Enterprise Cloud Services: Reserved & Pay-as-you-Go IaaS

• Industry-leading management portal

• Included extras like 7-day backup and VPN

• Simplified and transparent pricing

Private Cloud: Isolated resources in a hosted cloud

• Separate servers and/or storage

• Control down to the hypervisor level

• Included industry-leading management portal

Disaster Recovery as a Service: Fast and reliable DRaaS

• Near-real time recovery

• Self-service testing

• Network and legacy system flexibility

Cloud Backup: Externally-hosted backup

• Based on Veeam Cloud Connect technology

• Stores data safely in your choice of locations

• Low, archive storage pricing

Available with Advanced Security & Compliance

iland Enterprise Cloud Services Console

Straightforward, complete VM management, driven by Big Data back end for exceptional analytics

• Real-time & historical billing & performance statistics

• Network management - from firewalls to VPNs

• Integrated iland DRaaS Management

• Embedded security and compliance reporting

• 7-day backup, custom alerts & shareable graphs

• Ongoing innovation through quarterly updates

iland Embedded & Advanced Security Features

ECS Security: For all IaaS, DRaaS and Private Cloud users

• Console-based non-intrusive vulnerability scanning

• Role-based access control

• Two-factor authentication

• ECS event & login event history

• Support ticket history

• Available VM encryption

Advanced Security: Heightened security & compliance support

• Firewall event reporting & blocking

• OS and application integrity monitoring

• Web reputation reporting & blocking

• Deep packet inspection for:

• Intrusion prevention & detection

• Web application protection

• Application control

• Anti-virus / anti-malware scanning and quarantine

• Storage-based encryption

• Available VM encryption

Encryption Options

Storage-based Encryption

• Included in the ECS-AS platform

• Protects physical disks in a physical data center breach

• iland holds the encryption key at the datacenter level

VM Encryption with HyTrust

• Add-on feature for ECS and ECS-AS

• Protects VMs in a digital breach

• Customer holds encryption key

• Purchased on a per-VM basis

• Can integrate with on-premise HyTrust

iland’s compliance team can help

• Signed Business Associates Agreement (BAA)

• Support for responding to audits and interpreting reports

• Provide supporting documentation relating to HIPAA specifications

HIPAA Compliance

Certified compliance experts available to answer your questions

• Review of regulatory requirements and audit reports

• Support in correlating reports with industry regulations

• Assistance in aligning you with industry regulation controls utilizing the ITIL 2011 framework

Compliance

Ensuring HIPAA and HITECH Compliance

• #1 item to remember – BE ABLE TO PROVE IT

• Start with an in-house review

• Confirm your 3rd Party Suppliers are meeting the requirements you must operate under

• Work with your in-house Legal and/or Compliance teams to ensure you can generate process output “proof”

• Seek professional assistance if you do not have an in-house Compliance or Legal team

Ask Frank about Safe Harbor or other compliance requirements: www.iland.com/contact


Learn More

