In this fast-paced world, healthcare consumers want their personalized information quickly. 71% of millennials want doctors to provide mobile applications for actively managing their health information, which Salesforce Health Cloud does very well. Salesforce Health Cloud is built to combine the power and security of the cloud with social and mobile technologies.
Let us first look at HIPAA's story and then move on to how Salesforce Health Cloud meets HIPAA guidelines.
A- HIPAA’s Story
During the 1990s, the government of the United States decided to introduce new norms and regulations because the use of Information Technology had become extensive. This gave rise to HIPAA, the Health Insurance Portability and Accountability Act.
HIPAA was formulated in 1996 by the United States Congress under the leadership of President Bill Clinton. Here are a few key points about HIPAA:
A1- List Of Rules
1- It states a list of norms, rules, and regulations which need to be followed in software used by the healthcare industry or medical institutions.
2- State-specific conditions which need to be satisfied while using medical information of citizens of the country.
3- The rules were generalised by HIPAA in order to make the process simple for software developers and cloud service providers.
4- HIPAA comprises two sections, Title I and Title II. Title I holds rules and regulations aimed at protecting and safeguarding the rights of employees with respect to insurance policies and claims. Title II takes care of the integrity and security of medical health records, privacy policies, and other information security norms.
HIPAA norms are thus prepared with the following points in mind:
- Security of medical information
- Integrity of medical information
- Enforcement of right of privacy
- Security of patient interest
B- Salesforce Meeting HIPAA Standards
The cost benefits and operational efficiencies achieved by using cloud services like Salesforce are simply too important to ignore. Although Salesforce's own security measures are scalable and robust, HIPAA compliance is still an ultimate mandate for your organisation, and it is achieved by following best practices. Let us see how Salesforce is meeting HIPAA compliance standards and streamlining processes.
1. Privacy, Integrity, and Availability
The U.S. Department of Health and Human Services describes PHI (protected health information of individuals) as "individually identifiable health information." HIPAA regulations aim at offering complete protection, privacy, integrity, and availability of such information. PHI comprises names, addresses, social security numbers, birth dates, and information related to payment for healthcare.
When it comes to Salesforce meeting HIPAA compliance, the data in question is the electronic version of this information, known as ePHI. The first step is therefore to examine the data you send to Salesforce and identify every field which contains or might contain ePHI.
2. Data Monitoring, Controlling and Implementing Access Controls
Once you know what ePHI you must protect, you can lock the data down. You do this by crafting a strict access control policy that limits access to the data to only the employees and applications which truly need it. This is where your DLP policy and appliances come into the picture (Data Loss Prevention is a strategy for making sure that end users do not send sensitive or critical information outside of a corporate network). When you have identified what data must not be leaked, you can easily take steps to minimise the chance of unauthorised access. The Data Discovery & Monitoring module of CipherCloud helps in exposing user activity and in catching potential violators before their actions cause problems. CipherCloud's Cloud Information Protection platform offers DLP modules which can identify HIPAA/HITECH violations and thereby protect data.
3. Encryption and Tokenization
CipherCloud is a secure gateway which acts as a gatekeeper of sensitive information, ensuring its integrity no matter where the ePHI resides. By giving your organisation exclusive access to the encryption keys, CipherCloud offers full control over the decryption of your data. Even if the data is leaked, no one will be able to read it or access it without your participation. CipherCloud's cloud information protection platform offers a great selection of encryption and tokenization options. Encryption is a standard approach to ePHI protection and key to Salesforce HIPAA compliance.
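The two steps described above (finding the fields that contain or might contain ePHI, then tokenizing them with a key that never leaves your organisation) can be sketched as follows. This is an added example, not CipherCloud or Salesforce code: the field names, name hints, value patterns and the HMAC-plus-local-vault scheme are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Assumed name hints for the PHI categories the article lists.
NAME_HINTS = ("name", "address", "ssn", "social", "birth", "dob", "payment")
# Value patterns catch ePHI hiding in free-text or oddly named fields.
VALUE_PATTERNS = {"ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
                  "date": re.compile(r"\b\d{4}-\d{2}-\d{2}\b")}

# Constructed sample record; field names and values are illustrative only.
SAMPLE = {"Patient_Name": "Jane Example", "SSN__c": "000-12-3456",
          "Birthdate": "1984-02-29", "Plan_Tier__c": "Gold", "Status": "Active",
          "Case_Notes__c": "Caller confirmed SSN 000-12-3456 by phone"}

def find_ephi_fields(record):
    """Return {field: reason} for fields that contain or might contain ePHI."""
    flagged = {}
    for field, value in record.items():
        hint = next((h for h in NAME_HINTS if h in field.lower()), None)
        hit = next((k for k, p in VALUE_PATTERNS.items() if p.search(str(value))), None)
        if hint:
            flagged[field] = f"name:{hint}"
        elif hit:
            flagged[field] = f"value:{hit}"
    return flagged

class Tokenizer:
    """Holds the key and the token vault locally; only tokens leave."""
    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._vault = {}

    def tokenize(self, field, value):
        mac = hmac.new(self._key, f"{field}\x00{value}".encode(), hashlib.sha256)
        token = "tok_" + mac.hexdigest()[:32]
        self._vault[token] = value  # the mapping stays inside the organisation
        return token

    def detokenize(self, token):
        return self._vault[token]  # KeyError for anyone without this vault

def protect(record, tokenizer):
    """Replace every flagged field with a token before the record is sent."""
    flagged = find_ephi_fields(record)
    return {f: tokenizer.tokenize(f, v) if f in flagged else v
            for f, v in record.items()}
```

The tokens are deterministic per field and key, so equal values produce equal tokens; that keeps exact-match lookups working on the cloud side but also reveals which records share a value.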
4. Salesforce Shield
Salesforce Health Cloud supports Salesforce Shield, which enhances security. Shield Platform Encryption adds a whole new layer of security to your data while preserving critical platform functionality. It provides the data encryption options which Salesforce offers out of the box. Data is protected even when other lines of defence have been compromised. Event Monitoring offers visibility into user actions, which allows security teams to quickly identify and track malicious use. Platform encryption also safeguards data at rest while preserving functionality like workflow, validation rules or search. The Field Audit Trail feature lets you see the state and value of data at any moment.
Salesforce Health Cloud protects every element with its built-in HIPAA compliance features, which comprise Salesforce Shield, Field Audit Trail, Platform Encryption, Data Archive and Event Monitoring. It offers a new dimension in the provider-patient relationship along with many platform features and resources.