Share this article on:
If you are a HIPAA-covered entity considering moving some of your IT infrastructure to the cloud, you may be wondering if VMware is HIPAA compliant and if you can use VMware’s services in a manner compliant with HIPAA Rules.
VMware provides a platform that supports the virtualization of IT infrastructure, with the company best known for its vSphere VMware Hypervisor that allows the virtualization of x86 or x64 architecture. The company has also developed a wide range of products and services including virtualized storage and networking, desktop software, cloud management services through CloudHealth, private data centers and the hybrid cloud solution, VMware Cloud on AWS.
VMware Cloud on AWS
In June 2018, VMware announced that it had completed its third-party examination of VMware Cloud on AWS and has confirmed that it now offers a HIPAA-compliant virtual cloud environment for HIPAA covered entities and vendors serving the healthcare industry. Through VMware Cloud on AWS, healthcare customers “can operate a consistent and seamless hybrid IT environment that combines the VMware software they love with the unmatched functionality, security, and operational expertise of the AWS Cloud,” according to VMware. VMware will sign a business associate agreement covering the service.
VMware Cloud on AWS incorporates all the necessary security measures to allow HIPAA covered entities and their business associates to run HIPAA-regulated apps and host PHI in the cloud. VMware has also released Horizon 7 for VMware Cloud on AWS, which supports the virtualization of clinical desktops in the cloud.
Other VMware Solutions
VMware has developed a range of compliance-oriented integrated solutions for use by organizations in regulated environments such as healthcare, including VMware vSphere, VMware vCenter Server, VMware ESX and many more. The full compliance status of the company’s solutions are beyond the scope of this article, but you can find information about VMware’s solutions with respect to HIPAA in this PDF document, which covers its products and how they comply with the technical, physical, and administrative requirements of the HIPAA Security Rule.
Is VMware HIPAA Compliant?
VMware supports HIPAA compliance for a wide range of its solutions and will sign a business associate agreement with HIPAA covered entities. Its solutions can be made HIPAA compliant, but healthcare organizations must ensure those solutions are configured correctly. Some of the requirements of HIPAA are only partially addressed by VMware, and it is the responsibility of HIPAA-covered entities to ensure the products are configured and used in a fully compliant manner.