VNS3 Makes HIPAA Cloud Security Easy

VNS3 is the best network security & connectivity appliance available, and we’ve got everything you need to get your cloud application HIPAA & HITECH cloud security compliant.

Cloud Area Network

Covered Entities Choose VNS3 for Connectivity, Security, and Federation.

Finding a cloud provider that will sign a Business Associate Agreement (BAA) is easy. Cohesive Networks VNS3 cloud network and security appliance makes meeting HIPAA & HITECH cloud security requirements and the terms of your BAA just as easy. VNS3 offers better performance, security, flexibility, and support than all competitors.

We’ve Got Your HIPAA Cloud Security Checklist Covered

Making sure ePHI is encrypted in motion is only the first step towards HIPAA AWS cloud compliance. VNS3 gives you the ability to connect, federate, and secure your application deployment to meet and exceed HIPAA & HITECH cloud security standards. Here are just a few of the ways VNS3 can solve your HIPAA cloud security needs:

Encrypted ePHI In Motion

§164.312(a)(2)(iv)

VNS3 is a NIST compliant network solution to encrypt and decrypt electronic protected health information according to HIPAA encryption requirements.

Audit Controls

§164.312(b)

VNS3 provides mechanisms that record and examine activity in information systems that contain or use electronic protected health information.

Access Controls

§164.312(a)(1)

VNS3 application segmentation restricts access only to those persons or software programs that have been granted access rights.

Cross-Region & Cloud Federation

VNS3’s federated and highly available network seamlessly spans availability zones, regions, and clouds to provide insulation and contingency planning – §164.308(a)(7).

Hybrid Cloud Connectivity

The VNS3 IPsec solution provides the best interoperability in the industry, allowing encrypted connections between your sites, partners, customers, and your HIPAA cloud.

Security in the Cloud

VNS3 includes additional and orthogonal security controls like network firewalls, network intrusion detection systems, and web application firewalls tailored to your specific HIPAA application requirements.

Achieve AWS HIPAA Compliance with our Quick Start Reference Guide

We’re proud to announce the release of our first AWS Quick Start reference deployment for configuring and launching our VNS3 overlay network for your cloud application. Working closely with Amazon, we’ve leveraged the proven power of AWS CloudFormation to take our secure and scalable solution and make it even more accessible. With our Quick Start deployment, VNS3 can easily secure your cloud application to AWS HIPAA and HITECH compliance standards in as few as fifteen minutes, supported by best practice tools and strategies for automating your infrastructure deployments.

HIPAA in the Cloud

The U.S. Health Insurance Portability and Accountability Act (HIPAA) establishes privacy, security, and breach notification rules for the storage and transmission of electronic health information. In response to the growth in public cloud, the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 and the 2010 Omnibus rule clarified and redefined some of the definitions to include the additional responsible parties in public cloud deployments. IT service or cloud providers were explicitly defined as business associates. HIPAA-compliant deployments in public cloud IaaS require the cloud provider (e.g., AWS, Google, Microsoft Azure, HP, etc.), or business associate AND application owner, to demonstrate compliance with the relevant provisions of HIPAA-HITECH.

Shared Responsibility in Public Cloud

HIPAA establishes privacy, security, and breach notification rules for the storage and transmission of electronic health information. These rules cover both the infrastructure and the application deployment running on that infrastructure. In the past, traditional IT data center deployments meant the infrastructure and application were owned by the same entity. Public cloud IaaS separates the application owner from the infrastructure provider and requires shared responsibility between the application owner and the cloud service provider (CSP).

Who Should be Covered and Compliant?

HIPAA public law specifies who needs to be compliant with the provisions. Basically, any entity that comes into contact with electronic protected health information (ePHI) needs to be HIPAA compliant. These individuals, organizations, or agencies are known as Covered Entities (CE) and are required to protect the privacy and security of health care information and provide patients with certain rights pertaining to their health information.

Example Covered Entities & Business Associates

Example Covered Entities:

  • Health Care Provider – doctor, clinic, hospital, pharmacies, etc.
  • Health Plan – health insurance company, HMO, Medicare, Medicaid, etc.
  • Clearinghouse – billing service, repricing company, or similar that standardizes health information

Covered Entities must sign Business Associate Agreements with any vendor that, in the business of working with a Covered Entity, will have any contact with the electronic protected health information. As a result, any entity that interacts with any form of ePHI is either a Covered Entity or a Business Associate (by contract).

Example Business Associates:

  • Internet Providers – public IaaS providers, managed service providers, hosting companies, etc.
  • SaaS Providers – mail, database, CRM, HR, etc.
  • Financial Services – accounting firms

Get Started with VNS3