Is IBM Cloud HIPAA Compliant?
Is IBM Cloud HIPAA compliant? Is the cloud platform suitable for healthcare organizations in the United States to host infrastructure, develop health applications and store files? In this post we assess whether the IBM Cloud supports HIPAA compliance and the platform’s suitability for use by healthcare organizations.
IBM offers a cloud platform to help organizations develop their mobile and web services, build native cloud apps, and host their infrastructure along with a wide range of cloud-based services for the capture, analysis, and processing of data.
The platform has already been adopted by many healthcare providers, payers, and health plans, and applications and portals have been developed to provide patients with better access to their health information.
IBM Cloud Security
IBM is a leader in the field of network and data security, and its expertise has meant its cloud platform is highly secure. Security is built into the core of all of the firm’s software and services to ensure that sensitive data remains confidential and cannot be accessed by unauthorized individuals. Its audit and security reports are made available to its clients to assess during risk analysis and risk management processes.
Business Associate Agreement for the IBM Cloud Platform
Since 2014, IBM has been offering its cloud services to healthcare clients and has been entering into business associate agreements for its social, mobile, meetings, and mail cloud offerings.
IBM’s business associate agreements covers the IBM Cloud and details its responsibilities for security, including technical and physical controls in its data centers, permitted uses and disclosures of PHI, use of subcontractors, and its reporting requirements in the event of a security breach.
Healthcare customers must ensure they have a signed copy of the business associate agreement from IBM before any IBM cloud services are used in conjunction with protected health information.
IBM also offers HIPAA covered entities and their business associates services to help them configure their cloud applications correctly and create appropriate privacy and security solutions.
Is the IBM Cloud HIPAA Compliant?
Is the IBM Cloud HIPAA compliant? IBM meets its responsibilities as a business associate by ensuring its cloud platform meets and exceeds the minimum requirements of the HIPAA Security Rule and IBM agrees to abide by the HIPAA Privacy Rule and Breach Notification Rule.
IBM will enter into a business associate agreement with HIPAA covered entities covering the IBM Cloud, So the IBM Cloud can be considered a HIPAA compliant cloud platform.
However, HIPAA compliance is a shared responsibility. IBM only provides the security and the tools to ensure its cloud platform can be used without violating HIPAA Rules. It is the responsibility of HIPAA-covered entities to ensure that cloud-based infrastructure and applications are not misconfigured, and that stored files are appropriately secured.