By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    6 Easy Healthcare Ways to Sit Less and Move More Every Day
    September 10, 2025
    7 Most Common Healthcare Accreditation Programs: Which Should You Use?
    August 20, 2025
    Hospital Pest Control and the Fight Against Superbugs
    August 20, 2025
    Hygiene Beyond The Clinic: Attention To Overlooked Non-Clinical Spaces
    August 13, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Feinberg’s Simulation-Based Training Program Wins Innovations Challenge
    November 16, 2012
    ACA Delays
    Top 8 ACA Delays: Blatantly Illegal or Temporary Courses of Action?
    July 7, 2014
    Vegetarina Dental Concerns Marielaina Perrone DDS
    Oral Health Concerns For Vegetarians
    February 14, 2013
    Latest News
    Healthcare at a Crossroads: Why Leadership Matters More Than Ever
    September 9, 2025
    How Social Security Disability Shapes Access to Care and Everyday Health
    August 22, 2025
    How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
    August 22, 2025
    How One Fall Can Lead to a Long Road of Medical Complications
    August 22, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Evaluating Cloud Hosting Providers with the FedRAMP
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Evaluating Cloud Hosting Providers with the FedRAMP
eHealth

Evaluating Cloud Hosting Providers with the FedRAMP

onlinetech
onlinetech
Share
4 Min Read
SHARE

While the FedRAMP (Federal Risk and Authorization Management Program) is intended for government entities and their criteria and processes for assessing and monitoring cloud products/services, it’s still a good security standard model that many organizations could follow to minimize security risks in the cloud.

Contents
  • Security Assessment
  • Ongoing Assessment and Authorization

The most applicable standards used for evaluating cloud hosting providers includes:

While the FedRAMP (Federal Risk and Authorization Management Program) is intended for government entities and their criteria and processes for assessing and monitoring cloud products/services, it’s still a good security standard model that many organizations could follow to minimize security risks in the cloud.

The most applicable standards used for evaluating cloud hosting providers includes:

More Read

What Healthcare Professionals can Learn from Sales People
A Virtual Nurse for Hospital Discharge
Mobile Health Around the Globe: Zao mHealth Device Field-Tested in India and Nepal
HIPAA? Now HIMTA: The New mHealth Bill
Clinical Trials Managed in “The Cloud?”

Security Assessment

Documenting security controls is the first step that any organization should require of their cloud provider – this includes:

  • Document the controls implemented in the cloud and the cloud environment.
  • Policies around user behavior – with details around use and access.
  • An IT contingency plan – a disaster recovery plan that defines how the organization intends to recover information system services and manage disruptions.
  • Configuration management plan – a plan describing how changes to the system are managed and tracked.
  • Incident response plan – similar to breach notification clauses that should be included in any business associate agreement, for healthcare organizations concerned with HIPAA, an incident response plan outlines how incidents are detected, reported, escalated, handled and remediated.
  • Any authentication that will be used in the cloud, including a required authentication level – two-factor authentication is one method that may be easily employed to create an additional layer of security.
  • Privacy impact assessment – this should document what kind of personally identifiable information (PII), or protected health information (PHI), is collected and if it’s properly safeguarded.

In addition to documentation, this step includes performing security testing, which requires the cloud provider to contract with an accredited third party auditor to test the security of the cloud provider’s system and environment, produce a report of results, and document a plan of action to remediate or change their system to meet security requirements.

As a cloud provider that needs to balance both security and compliance for our clients, Online Tech has contracted a third party auditor to test its controls against a variety of compliance standards, including HIPAA compliance, PCI DSS Compliance, SOX compliance and more on a continuous basis. Read about what each standard means in our Data Center Standards Cheat Sheet.

Ongoing Assessment and Authorization

This refers to the continuous monitoring of cloud providers to ensure their security controls remain effective over time.

  • Operational visibility refers to the transparency of security control implementations – annual self-attestation reports can help in this area.
  • Change control process – establishing a process to track any changes that could impact the ability of a cloud provider to meet security requirements. This also includes changes in a cloud provider’s management.
  • Incident response – keeping track of any new risks or vulnerabilities that might affect authorized system and response/mitigation activities.

Following a similar plan can help your organization avoid a data breach and stay safe in the cloud.

Recommended Reading:
Top 5 Tips for Cloud Computing Security
HIPAA Compliant Data Centers – Includes Security Recommendations for the Cloud

References:
FedRAMP Processes from the U.S. General Services Administration
FedRAMP Security Assessment
Performing Security Testing
Document Security Controls

TAGGED:FedRAMPHIT
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

a woman walking on the hallway
6 Easy Healthcare Ways to Sit Less and Move More Every Day
Health
September 9, 2025
Clinical Expertise
Healthcare at a Crossroads: Why Leadership Matters More Than Ever
Global Healthcare
September 9, 2025
travel nurse in north carolina
Balancing Speed and Scope: Choosing the Nursing Degree That Fits Your Goals
Nursing
September 1, 2025
intimacy
How to Keep Intimacy Comfortable as You Age
Relationship and Lifestyle Senior Care
September 1, 2025

You Might also Like

EMR and meaningful use
eHealthHealth ReformMedical RecordsPolicy & Law

The Tyranny of Electronic Systems

October 24, 2013
mobilehealth.jpg
eHealthMedical InnovationsMobile HealthTechnology

Will Virtual Clinical Trials Revolutionize the Pharma Industry?

July 13, 2016

Doctor and Patient Communications

October 24, 2012

True Value Telehealth

December 13, 2013
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?