Project Main Details
Last revised July 3, 2015
- 2 to 3 minutes
- Whiteboard animation
• Use an whiteboard animation (with infographics where possible) approach to explain the needs and value proposition for HIPAA compliance and Azure’s underlying security capabilities for healthcare customers
• Narrated introduction with problem statement
• Identify healthcare risks and requirements
• Enumerate some of the threats with examples
• Shared responsibility / distributed accountability
• Review HIPAA requirements and Azure as a solution platform
• Close out with Call to Action (request the BAA, …)
PHI is P H I
HIPAA is HIP A (short a)
BAA is B A A
EUMC is E U M C
FedRAMP is Fed ramp
UK GC is U K G C
MTCS L3 is M T C S L 3
ISO 27018 is I S O 27 0 1 8
http://azure.microsoft.com/en-us/support/trust-center/compliance/hipaa/ is h t t p : wack wack azure dot microsoft dot com slash e n dash u s slash support slash trust dash center slash compliance slash hip a (short a)
Clear, friendly, authoritative. Not the least bit sales pitch like. Something with an older sounding voice like Judi Dench
Healthcare data, also referred to as Protected Health Information – or PHI – is among any individual’s most sensitive and important data assets.
PHI represents a veritable treasure trove of secrets that could be used against your customers unfairly, or just used to reveal things that are deeply personal in nature.
The thought of these details falling into the hands of hackers, thieves, and other cyber criminals is what drove Congress to mandate protections for health information in the form of laws such as the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA and other laws like it around the world serve to enforce the implementation of robust controls on the security, privacy, and integrity of PHI, and carry stiff penalties for not having these controls in place.
PHI exists in many forms … documents, databases, e-mails … and in many places, including web sites and custom applications.
This data is also spread among on-premises systems and across numerous facilities and providers.
Adding in the dynamics of cloud computing makes PHI asset management even more complex.
Azure provides security for storing PHI as required by HIPAA.
But your organization must seek and obtain HIPAA compliance. Your applications and internal processes will need to provide security for PHI as well. In the end, HIPAA compliance is yours to obtain.
To help customers comply with HIPAA, Microsoft offers a BAA as well as EUMC compliance in the Azure contractual terms of the Online Services Terms (OST).
Azure also meets the needs of the even more restrictive standards of FedRAMP, UK GC, and MTCS L3.
HIPPA compliance requires shared commitments from both the customer and the suppler. Azure is committed to and continues to make investments to support your commitments.
Azure also has rigorous processes and procedures that allow support for standards like HIPPA. These include:
• Continuous monitoring
• Threat and incident management
• Comprehensive audits
Privacy is of the utmost importance to Azure. We have policy-driven, common controls and were the first to adopt ISO 27018.
Azure provides a certified foundation for healthcare industry customers to achieve HIPAA compliance, but you own and manage your end-user solution on top of that foundation. You also own all the processes and other systems in your organization. HIPAA certification is yours to obtain.
We’re here to help with HIPPA. We’ve published some guidance on using Azure in a HIPAA compliant fashion, and that and additional information is available at http://azure.microsoft.com/en-us/support/trust-center/compliance/hipaa
Voice123 Team Comments
Voice123 consultations with this voice seeker regarding this project and/or other projects by this voice seeker, via phone, chat, and/or email.
This project - phone.
Previous projects - phone.
This project - email or chat.
Previous projects - email or chat.
Corporate web site for this voice-seeker confirmed by Voice123
Note: Voice123 strives to establish the legitimacy of all projects posted. However, Voice123 subscribers and users are responsible for confirming information stated by prospective voice seekers, agents and/or clients. Voice123 subscribers and users assume all liability for use of any information found through Voice123, or any of its publications.
This page contains the most important details of this project. If you find the information on this project inaccurate or inappropriate, please let us know by contacting us.