What does “HIPAA Compliant” really mean? Frequently it is just a marketing label that some companies bestow upon themselves and not really an attestation of compliance. That’s risky.
This worksheet is meant to illuminate the cloud requirements of HIPAA that you need to plan for in your own digital health product. A more comprehensive risk assessment, such as the HITRUST CSF Self-Assessment, is also necessary. Use this checklist to understand which compliance controls are needed and to assess your compliance status at several cloud layers:
- The Physical Layer
- The Operating System and Application Layers
- The Administrative Layer
Once you’ve completed this checklist, you’ll have a much better understanding of what it will take to be HIPAA compliant in the cloud.