HIPAA Compliance in the Cloud: Google’s Cloud Security Foundations and Assured Workloads

As healthcare providers continue to embrace digital transformation, they must ensure compliance with regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA). Managing sensitive workloads in a secure and compliant environment presents healthcare providers with challenges on three fronts: compliance, security, and operations. Failure to comply with HIPAA regulations can result in costly fines and damage to the organization’s reputation.

Google Cloud’s Security Foundations and Assured Workloads are capabilities that help customers meet compliance requirements, including the HIPAA Security Rule, which specifies administrative, physical, and technical safeguards for protecting electronic protected health information (ePHI). By addressing these challenges, healthcare providers can ensure that their sensitive workloads are stored, processed, and managed in a secure and compliant environment.

Assured Workloads provides four main components that support HIPAA compliance: Data Residency, Personal Data Access Controls, Key Management configuration, and Data Sovereignty. The benefits of using Assured Workloads for HIPAA compliance include improved security, reduced risk, and streamlined compliance, delivered as a pre-configured solution package tailored to the regulatory requirements the organization must follow.

Onix brings the expertise and experience healthcare providers need to be assured that their sensitive data is protected and compliant with HIPAA regulations. Onix recently worked with a large biotech company that uses computational genomics to discover new therapies for patients suffering from a range of diseases. Onix configured Security Foundations with a focus on Assured Workloads for HIPAA to meet future compliance requirements, including secure data storage, access controls, and regular security audits. As a result of this work, the organization can now securely and compliantly store and process sensitive patient data in the cloud, which has allowed it to accelerate its research and bring new therapies to patients faster.

For this large biotech company, Onix was primarily focused on designing and implementing the proper technical controls for HIPAA compliance. This included the following:

  • Access controls: entitlements and permissions were configured so that only authorized personnel have access to ePHI and related data, based on a business need-to-know. This included role-based access control (RBAC) and multi-factor authentication (MFA), as well as network security controls such as firewalls and VPNs.
  • Audit controls: critical logging was configured, and best practices were established for managing and supporting audit logs of all system activity, including access to ePHI, changes to configuration settings, and system alerts.
  • Encryption: encryption at rest and in transit was enabled by default and used across all workloads running on GCP.
  • Network controls: VPCs were configured to isolate workloads and limit the blast radius of an attack, and private access was enabled so that traffic travels over Google’s private network rather than the public internet.
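As an added illustration (not Onix’s or Google’s own configuration), the Terraform fragment below shows how each of the four control areas listed above maps onto a concrete Google Cloud setting, with the default (weaker) behaviour noted in the comments. It assumes the provider block already sets the project; all resource names, the region and the CIDR range are placeholders.

```hcl
# Assumes the provider block already sets the project; names, region and CIDR are placeholders.
# Network controls: a dedicated VPC with no auto-created subnets isolates the ePHI workload, and
# Private Google Access keeps calls to Google APIs on Google's network (it defaults to false).
resource "google_compute_network" "ephi" {
  name                    = "ephi-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "ephi" {
  name                     = "ephi-subnet"
  region                   = "us-central1"
  network                  = google_compute_network.ephi.id
  ip_cidr_range            = "10.10.0.0/24"
  private_ip_google_access = true
}

# Audit controls: Admin Activity logs are always on, but Data Access logs (who read or
# wrote ePHI) are off by default and must be enabled explicitly.
resource "google_project_iam_audit_config" "all_services" {
  project = "example-project-id"   # placeholder
  service = "allServices"
  audit_log_config { log_type = "ADMIN_READ" }
  audit_log_config { log_type = "DATA_READ" }
  audit_log_config { log_type = "DATA_WRITE" }
}

# Encryption and access controls: a customer-managed key with scheduled rotation protects
# the bucket, public access is blocked outright, and uniform bucket-level access forces
# IAM (RBAC) instead of per-object ACLs.
resource "google_kms_key_ring" "ephi" {
  name     = "ephi-keyring"
  location = "us-central1"
}

resource "google_kms_crypto_key" "ephi" {
  name            = "ephi-key"
  key_ring        = google_kms_key_ring.ephi.id
  rotation_period = "7776000s"   # 90 days
}

resource "google_storage_bucket" "ephi" {
  name                        = "example-project-id-ephi"   # placeholder, must be globally unique
  location                    = "US-CENTRAL1"
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"
  encryption {
    # The Cloud Storage service agent needs roles/cloudkms.cryptoKeyEncrypterDecrypter on this key.
    default_kms_key_name = google_kms_crypto_key.ephi.id
  }
}
```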

What made this engagement unique was the speed at which Onix delivered the solution: less than four weeks, covering requirements gathering, design, engineering, deployment, and testing. Onix used a risk-based approach, implementing the high-priority controls first and addressing and remediating lower risks afterwards. This risk prioritization also shaped the business, technical, and security requirements for the solution design, and the areas of acute weakness remained the focus throughout the planning and design phases.

Onix helps organizations leverage the power of Google Cloud Security Foundations and Assured Workloads by assessing the organization’s current infrastructure, workflows, and compliance needs. In this engagement, Onix worked closely with the organization to develop a customized plan for implementing Assured Workloads and provides ongoing support and maintenance to maintain HIPAA compliance. Onix has a dedicated healthcare practice that is well-equipped to help healthcare providers implement Cloud Security Foundations, guarding against the non-compliance that can result in serious damage to an organization’s reputation, fines, and other penalties.

Healthcare providers must comply with HIPAA regulations to protect patient health information and avoid costly fines. Google’s Assured Workloads, implemented by Onix, provide a secure and compliant environment for sensitive workloads, allowing healthcare providers to focus on delivering healthcare services. Onix’s expertise and experience in implementing Cloud Security Foundations and Assured Workloads ensure that healthcare providers’ sensitive data is protected and compliant with HIPAA regulations. Together, Google’s Assured Workloads and Onix’s services give healthcare providers a secure and efficient environment in which to store, process, and manage their sensitive information.
