HIPAA Compliance, PCI Compliance and Financial Services in the Cloud: What You Need to Know

August 15, 2014 by Megan Gish

Many cloud hosting providers solve cloud security concerns by choosing the right physical and virtual devices. Where other cloud providers stop, Bluelock excels by providing a strategic approach to virtual datacenter compliance.

But, before we go too far down the road of how Bluelock can be your partner in cloud compliance, let’s define just a few of the regulatory concerns you might have:

HIPAA: The Health Insurance Portability and Accountability Act sets standards for protecting individually identifiable information. Title II refers to electronic information.

HITECH: The Health Information Technology for Economic and Clinical Health Act stipulates financial incentives for healthcare providers that demonstrate meaningful use of electronic health records.

BAA: The Business Associate Agreement is a contract between the “HIPAA covered entity” and a business associate that protects personal health information.

Now that we understand these acronyms a little bit better, let’s take a closer look at how Bluelock supports regulatory requirements in the cloud:

SSAE 16 SOC 2: SOC 2 audits have controls around security, availability, processing integrity, confidentiality, and privacy. Bluelock has an SSAE 16 SOC 2 audited datacenter, located in a Tier 3 accredited facility (east zone), and a SOC 3 audited datacenter in a Tier 4 accredited facility (west zone).

Tier 3 & Tier 4 Datacenters: The highest quality datacenter facilities, these are located 1,500 miles apart and 500 miles from each U.S. coast, meeting every published business continuity practice. Only 3.02% of datacenters in the U.S. are Tier 3 or Tier 4 rated.

The above definitions are the devices we use; however, Bluelock also partners with you to achieve success through compliance and reduce the likelihood of auditing fines and penalties. This short cloud compliance Q&A will help:

Can I host HIPAA and HITECH workloads at Bluelock?

Bluelock has extensive experience helping companies with HIPAA, HITECH, and other regulatory requirements securely host auditable workloads in the cloud.

Is Bluelock HIPAA compliant? What about auditing?

Bluelock is committed to working directly with clients to successfully pass all HIPAA audits and ensure total compliance and no HIPAA violations. Total compliance requires a complete partnership between the client and the cloud vendor, with each side doing its part to work toward a common goal. Based on qualified workloads, audit reports are available upon request.

How does Bluelock ensure HIPAA and HITECH compliance for hosted workloads?

Bluelock’s extensive success record of hosting regulated workloads provides clients with confidence that they have a knowledgeable team that can help navigate any secure, compliant hosting challenge. In addition, we maintain a strict set of auditable guidelines for our controlled infrastructure, tools, and processes.
