To help our healthcare customers take advantage of the agility and flexibility of vCloud Hybrid Service while meeting the obligations defined by the US Department of Health and Human Services, VMware is happy to share three important milestones:
- Completion of an examination of our information security program against essential elements of HIPAA and HITECH
- Availability of a Business Associate Agreement (BAA)
- Availability of a whitepaper to support customers looking to achieve HIPAA/HITECH compliance
Completion of an Independent HIPAA Examination
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 established national standards for the security and privacy of Protected Health Information (PHI) in the United States. While not required by the regulations, the information security program for vCloud Hybrid Service has been examined against the HIPAA Security Rule by an independent CPA firm. Based on its examination and tests of controls, it is the opinion of the firm that VMware’s information security program adopted essential elements of HIPAA and HITECH, including applicable components of the:
- Administrative safeguards
- Physical safeguards
- Technical safeguards
- Breach notification requirements
While we could have completed this examination on our own, as many cloud providers do, we feel that having a third party complete the examination provides an unbiased evaluation of our information security program – one that healthcare providers can entrust with their data.
Business Associate Agreement (BAA)
We are happy to announce that we are now offering a Business Associate Agreement (BAA) to any customer subject to HIPAA and HITECH regulation. The BAA helps our healthcare customers document their compliance and outlines our contractual obligations to use appropriate safeguards to:
- Prevent unauthorized access, use, or disclosure of Protected Health Information
- Respond to data breaches quickly and appropriately
The BAA was designed in conjunction with a leading law firm with expertise in HIPAA and provides fair and reasonable terms for healthcare providers, insurers, and other organizations.
To help our customers achieve HIPAA/HITECH compliance, VMware is also providing the whitepaper HIPAA/HITECH Compliance Using VMware vCloud Hybrid Service. This whitepaper outlines the individual and joint responsibilities of VMware customers when PHI is transmitted to, stored in, processed by, or retrieved from VMware vCloud Hybrid Service.
These announcements mark a significant achievement for vCloud Hybrid Service to help our healthcare customers confidently embrace hybrid cloud computing. Healthcare customers who are interested in learning more about vCloud Hybrid Service or our BAA should contact their VMware sales representative for more details.