Gaining HIPPA cloud certification

Posted on 2014-08-25
Last Modified: 2016-06-06
Our company converts both paper and electronic data to fully searchable PDFs.  We process in a cloud and want to know what is required for HIPPA certification.  

Scanned documents will be sent from a hospital to our cloud where our software classifies the documents as to type and removes duplicates.  The software then vastly enhances the OCR process and either the hospital or a 3rd party finishes the QC process.  The finished product is always returned to the originator and the result is a fully searchable PDF from either paper or electronic documents.  

Thanks for the assistance.
Question by:Jack blake

    Accepted Solution

    First, make sure you are going with a HIPAA compliant cloud provider, as HIPAA defines cloud providers as "associates." These are the minimum steps one should take -

    - Find a CSP that offers a HIPAA-compliant cloud offering. Ideally, they should be able to validate that they have met the HIPAA compliance requirements as defined by the Office for Civil Rights (OCR) through an independent audit.
    - Get your CSP to sign a Business Associate Agreement, which will ensure they take on appropriate responsibility for their side of HIPAA compliance.
    - Make sure that you connect the dots between your infrastructure and that of your CSP from a compliance standpoint. You don’t want to leave any security holes that might be exposed during data transfer.
    - Compliant does not always mean secure. If you want to prevent costly notification in the event of a breach, make sure your data is encrypted, and that you hold and maintain your encryption keys.
    Also familiarize yourself with the recently updated breach notification guidelines, and remember that HIPAA compliant does not mean secure. I'd work with intrusion detection services or software to do some initial security testing as well to cover your butt in case of a breach. The Department of Health and Human Services doesn't take breaches lightly, especially after the recent Chinese hacking fiasco.

    Assisted Solution

    by:Joe Winograd, EE MVE
    I'm sure you mean HIPAA (Health Insurance Portability and Accountability Act), not HIPPA. A good place to start is the HHS website itself. Here is a link to all the regulatory standards in a single document — very convenient:

    The summaries at the site are also helpful:

    Summary of the HIPAA Privacy Rule

    Summary of the HIPAA Security Rule

    There are plenty of third parties that can help, but the HHS site itself has a wealth of information. Regards, Joe

    Expert Comment

    by:Joe Winograd, EE MVE
    Hi Jack,
    I'm trying to clean up some open questions and noticed that we haven't heard from you in two months on this one. Please let us know where things stand. If the info that Brad and/or I provided is sufficient, please select the solution(s) and close the question; if not, please let us know where it comes up short. Thanks very much, Joe

    Expert Comment

    by:Guy Hengel [angelIII / a3]
    I've requested that this question be deleted for the following reason:

    Not enough information to confirm an answer.

    Expert Comment

    by:Joe Winograd, EE MVE
    The question is: "We process in a cloud and want to know what is required for HIPPA certification."

    The answer was provided by both experts. First, Brad's post is excellent, especially the comment to go "with a HIPAA compliant cloud provider". Everything else in his post is spot-on and deserves to be the Accepted Solution.

    My post also contains answers to the question, pointing out that what is required for HIPAA certification is contained in the regulatory standards published at, including both the HIPAA Privacy Rule and the HIPAA Security Rule.

    In summary, I recommend this:

    Brad's post https:#a40283006 should be the Accepted Solution for 300 points.

    My post https:#a40283040 should be an Assisted Solution for 200 points.

    Regards, Joe

    Expert Comment

    by:Joe Winograd, EE MVE
    Thank you, thermoduric — much appreciated! Regards, Joe
