As enterprises with regulatory concerns/mandates migrate to the Cloud (Private, Public, or Hybrid) compliance with regards to privacy and security will ether be barriers or demand enabling technologies.
Tricks like leveraging encryption of data at rest while keeping active keys elsewhere will allow immediate use of the IaaS platform’s compliance methods and limit the application’s need to make drastic changes in code to accommodate compliance monitoring logic.
An example of leveraging Cloud Services is to deploy an application that services the healthcare industry by ultilizing the Infrastructure as a Service(IaaS) model E.G., Azure:
To deploy a Cloud-based Azure Platform meeting HIPAA regulations, all application code segments must be designed using a web-services model where database elements and application code running in the cloud publish secure streams
Windows Azure allows an organization to create virtual machines (VMs) that run in Microsoft datacenters. Suppose the organization wants to use those VMs to run enterprise applications or other software that will be used by customers. We can create a SharePoint farm in the cloud, for example, or run HIIPA data management enterprise HITECH applications. To make life as easy as possible for our users, these applications would be accessible just as if they were running in an cost intensive local datacenter.
The Enterprise offering the Cloud Services must follow these five rules in order to stay comliant with HIIPA: