IBM Cloud & HIPAA Compliance
IBM provide a cloud platform to help groups develop their mobile and web services, create native cloud apps, and host their infrastructure along with a wide variety of cloud-based services for the capture, analysis, and processing of data.
The platform has already been implemented by many healthcare suppliers, payers, and health plans, and applications and portals have been created to provide patients with better access to their healthcare data.
IBM is a leader in the field of network infrastructure and data security, and its expertise has meant its cloud platform is highly safe. Security is included in the core of all of the firm’s software and services to ensure that sensitive data remains private and cannot be accessed by unauthorized people. Its audit and security reports are made available to its clients to assess during risk analysis and risk management processes.
IBM Cloud Platform and Business Associate Agreement
Since 2014, IBM has been supplying its cloud services to healthcare clients and has been completing into business associate agreements for its social, mobile, meetings, and mail cloud offerings.
IBM’s business associate agreements includes the IBM Cloud and lists its responsibilities for security, including technical and physical controls in its data centers, aloowable uses and disclosures of PHI, use of subcontractors, and its reporting requirements following a security breach.
Healthcare clients must ensure they have a completed copy of the business associate agreement from IBM before any IBM cloud services are used in tandem with protected health information.
IBM also offers HIPAA covered groups and their business associates services to help them set up their cloud applications correctly and create appropriate privacy and security solutions.
IBM fulfils its responsibilities as a business associate by ensuring its cloud platform meets and goes beyond the minimum requirements of the HIPAA Security Rule and IBM agrees to adhere to the HIPAA Privacy Rule and Breach Notification Rule.
IBM will complete a business associate agreement with HIPAA covered groups covering the IBM Cloud, So the IBM Cloud can be thought of as a HIPAA compliant cloud platform.
However, HIPAA compliance is deemed a shared responsibility. IBM only supplies the security and the tools to ensure its cloud platform can be used without breaching HIPAA Rules. It is the responsibility of HIPAA-covered groups to ensure that cloud-based infrastructure and applications are not improperly configured, and that stored files are appropriately safeguarded.