Healthcare's Requirements for a Cloud Services Provider

Jonathan Rosenson
Published

The Healthcare Industry’s Requirements for a Cloud Service Provider

While data security and availability is imperative for any organization, it is especially true for those in the healthcare industry, whose access to personally identifiable information (PII) such as birth dates and social security numbers requires strong data security measures – and can present security concerns and complexities as these organizations seek to move to the cloud. Aligning with a cloud services provider who has a demonstrated commitment to ensuring the security of ePHI, and who will execute a HIPAA Business Associate Agreement, is critical for covered entities looking to take advantage of the agility and scalability cloud computing offers.

Expedient can act as a HIPAA Business Associate and provide SOC1 and SOC2 reports, alongside a HIPAA Business Associate Agreement. In fact, Expedient’s most recent SOC2 reports incorporate the criteria from the HITRUST Common Security Framework (CSF), a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. HITRUST CSF has become the most widely-adopted security framework in the U.S. healthcare industry. This commitment and expertise demonstrated by HITRUST ensures that organizations leveraging the framework are prepared when new regulations and security risks are introduced.

By incorporating criteria from the HITRUST CSF, Expedient is now better positioned to communicate information about both the processes and procedures we use to meet the CSF requirements, as well as other applicable trust services criteria relevant to security, availability, and confidentiality – providing new levels of visibility and transparency to covered entities evaluating Expedient’s cloud and managed services solutions. Read our MedCom Solutions case study to find out how we helped one covered entity through a complex migration of services by providing a stable, secure IT infrastructure.

As Senior Vice President and Chief Operating Officer, Jonathan Rosenson is responsible for overseeing organizational functions that drive growth at Expedient. Jon additionally acts as an external spokesperson conveying the Expedient story. Follow him on Twitter.

The best of Expedient delivered to your inbox.

Sign up for more technical briefs, stories, and special offers from Expedient.