Session ID: 
59

HIPAA and a Cloud Computing Shared Security Model

3:00pm - 4:00pm Tuesday, March 6
Las Vegas - Venetian Convention Center
Marcello 4401

Description

Cloud computing often involves a shared security model. The cloud service provider (CSP) may provide a virtual vault, but all of its security is meaningless if the customer uses a weak password. When a HIPAA covered entity or business associate, such as a healthcare provider or health plan, uses cloud computing services and seeks to comply with HIPAA's Security Rule, it is imperative that the covered entity or business associate understand the shared security model, including what requirements are applicable to the covered entity or business associate, what requirements the CSP addresses, and what security responsibilities both must address. Who is responsible for encryption of data at rest? Of data in motion? How does the covered entity or business associate need to address its use of cloud services in its information security risk analysis? This session will focus on how the HIPAA Security Rule and other security laws apply to a cloud computing shared security model.

Learning Objectives: 

  • Describe what is meant by a "shared security model" in cloud computing
  • Identify how to include cloud computing in a HIPAA Security Rule risk analysis
  • Categorize which security responsibilities fall to a cloud services provider and which fall to a covered entity or business associate customer in a shared security model

Speaker(s): 

Partner,
Davis Wright Tremaine, LLP
Continuing Education Credits: 
ABPM
1.00
CAHIMS
1.00
CME
1.00
CNE
1.00
CPHIMS
1.00
IAPP
1.00

Audience: 

CIO, CTO
Privacy Professional
Security Professional

Level: 

Intermediate

WHERE THE WORLD
CONNECTS FOR HEALTH