What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a law enacted by the U.S. government in 1996 to regulate how healthcare and insurance providers should ensure the security and privacy of Protected Health Information (PHI). There have been several amendments and additions to HIPAA, including the HITECH Act in 2009, which strengthened privacy and security provisions, and the 2013 omnibus amendments, which expanded HIPAA's scope to include subcontractors and further restricted the use of PHI.
HIPAA + Cloud
When using Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP), compliance is a shared responsibility between the cloud service provider (CSP) and the customer. You, as the customer, are responsible for configuring and using cloud services in a way that complies with the applicable directives contained within HIPAA.
Ensuring continuous compliance across one or more CSPs can be extremely challenging.
Cloud platform adoption has accelerated medical innovation, from drug discoveries and new treatments to increased efficiency at hospitals. However, maintaining patient medical confidentiality and compliance with HIPAA has become even more complex.
Gartner says 50% of cloud security failures are the result of inadequate management of identities, access and privileges. By 2023, that number will climb to 75%. For anyone familiar with IaaS/PaaS environments, the reasons are clear. With thousands of human and machine identities, compute and data resources, and hundreds of different policies, it is extremely difficult to identify and remove excessive permissions. At the same time, the speed and agility of development mean that the Privilege Gap is constantly widening.
Cloudanix was built to solve this problem! We automate entitlement management for public cloud applications. We provide your teams with a complete picture of the assets in your environment, visualize entitlements, and surface risks. With Cloudanix, you can continuously identify and analyze excess permissions and automate the implementation of least-privilege policies, in accordance with your organizational practices.