All healthcare organizations in the U.S., or any organization that has access to protected healthcare information (PHI), must adhere to the guidelines of both the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). It’s important to employ the best practices since HIPAA requirements are vague and some can be overlooked.
In many cases, for a healthcare company to use a service like Microsoft Azure, their service provider must provide a written agreement called a Business Associate Agreement (BAA) to adhere to certain security requirements set out in HIPAA and the HITECH Act. Azure does include features to help enable your privacy and security compliance, but you are ultimately responsible for ensuring that your Azure environment complies with HIPAA and other regulations.
When considering placing PHI in Azure, it’s important to know that Azure is certified according to physical, technical, and administrative safeguards that make up HIPAA. It provides a compliant foundation for healthcare industry organizations, but it’s your responsibility to sign a BAA with your service provider outlining these services. The BAA ensures that your organization will leverage Azure services while adhering to HIPAA compliance.
Connectria provides a BAA to all customers, especially those with a HIPAA Compliant Hosting plan. For instance, ePreop, a Connectria customer since 2009, decided to move their HIPAA compliant platform to Azure. They chose to move to Azure because of its scalability and their global data center footprints. As a software company whose Software as a Service (SaaS) platform assists in care coordination of surgical patients, they had to ensure that their Azure environment remained HIPAA compliant.
After evaluating the benefits of Microsoft Azure, including integration, credibility and customization, ePreop decided to sign a BAA with Connectria for our HIPAA compliant services on Azure. The BAA will ensure our services and benefit the company with reduced time, cost and risk, audited security controls and processes, SaaS support, and a dedicated compliance team.
If you have any questions regarding HIPAA compliance, Microsoft Azure, or any of Connectria’s services and solutions, please contact us.