Evaluating Cloud Hosting Providers with the FedRAMP

While the FedRAMP (Federal Risk and Authorization Management Program) is intended for government entities and their criteria and processes for assessing and monitoring cloud products/services, it’s still a good security standard model that many organizations could follow to minimize security risks in the cloud.

The most applicable standards used for evaluating cloud hosting providers includes:

Security Assessment

Documenting security controls is the first step that any organization should require of their cloud provider – this includes:

Document the controls implemented in the cloud and the cloud environment.
Policies around user behavior – with details around use and access.
An IT contingency plan – a disaster recovery plan that defines how the organization intends to recover information system services and manage disruptions.
Configuration management plan – a plan describing how changes to the system are managed and tracked.
Incident response plan – similar to breach notification clauses that should be included in any business associate agreement, for healthcare organizations concerned with HIPAA, an incident response plan outlines how incidents are detected, reported, escalated, handled and remediated.
Any authentication that will be used in the cloud, including a required authentication level – two-factor authentication is one method that may be easily employed to create an additional layer of security.
Privacy impact assessment – this should document what kind of personally identifiable information (PII), or protected health information (PHI), is collected and if it’s properly safeguarded.

READ

Meeting The Healthcare Demands of an Aging Population

In addition to documentation, this step includes performing security testing, which requires the cloud provider to contract with an accredited third party auditor to test the security of the cloud provider’s system and environment, produce a report of results, and document a plan of action to remediate or change their system to meet security requirements.

As a cloud provider that needs to balance both security and compliance for our clients, Online Tech has contracted a third party auditor to test its controls against a variety of compliance standards, including HIPAA compliance, PCI DSS Compliance, SOX compliance and more on a continuous basis. Read about what each standard means in our Data Center Standards Cheat Sheet.

Ongoing Assessment and Authorization

This refers to the continuous monitoring of cloud providers to ensure their security controls remain effective over time.

Operational visibility refers to the transparency of security control implementations – annual self-attestation reports can help in this area.
Change control process – establishing a process to track any changes that could impact the ability of a cloud provider to meet security requirements. This also includes changes in a cloud provider’s management.
Incident response – keeping track of any new risks or vulnerabilities that might affect authorized system and response/mitigation activities.

Following a similar plan can help your organization avoid a data breach and stay safe in the cloud.

References:
FedRAMP Processes from the U.S. General Services Administration
FedRAMP Security Assessment
Performing Security Testing
Document Security Controls

ICD-11 – The Next-Generation Coding System

5 Ways to Use Texting in Healthcare Marketing and Engagement

When The Doctor Is Hurting: Ergonomic Solutions For Medical Professionals

Choosing a medical courier: 5 things you must consider

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

6 Healthcare Financial KPIs You Need for 2017

Determining the ROI on Aquatic Therapy in Your PT Practice

How to Monetize Mobile Healthcare Apps

When The Doctor Is Hurting: Ergonomic Solutions For Medical Professionals

Stressing Employee Sleep and How It Can Impact Your Practice, Hospital, and Overall Productivity

Are Patients Being Informed Of Alternatives To Medication?

Enhancing Cultural Competency In Healthcare Settings

Chatbots – The New Healthcare Frontier

ICD-11 – The Next-Generation Coding System

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

mHealth: The New Future of Healthcare

Facebook Reported to Have Attempted to Acquire Users’ Medical Records

Organization fined $418,000 for business associate HIPAA breach

Dissatisfaction with Billing Companies Starts with Lack of Clarity of What is Expected

Phishing in the Healthcare Industry is Real – And Can Have Grave Consequences

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

mHealth: The New Future of Healthcare

How Technology-Enabled Communications Drive Use of Routine Services and Revenue

How Blockchain can Evolve Healthcare System?

EHR For Rural Hospitals: Criteria And Access

How Big Data Can Be Used To Prevent Fatal Heart Attack

Patient-Generated Health Data: a Shift in Care Delivery?

How Financial Barriers are Slowing Down Telehealth Adoption

How can Healthcare Professionals Manage their Reputation Online

How to Handle Negative Physician Reviews and Feedback

5 Effective Ways to Market Healthcare to Millennials

Truth From Comedy: ZDogg Does for Medicine What Late Night Is Doing for Politics

Taking Care of the Small Things Now Is Easier Than Ever

What Types of Treatments Shrink Cancerous Tumors?

Chatbots – The New Healthcare Frontier

5 Ways to Use Texting in Healthcare Marketing and Engagement

5 Life-Changing Assistive Technologies for the Visually Impaired

How AI Influences the Plastic Surgery

Healthcare Meets Technology: Future-Ready 2018 Innovations

Degenerative Disc Disease: Comparing Lumbar Artificial Disc Replacement to Spinal Fusion

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

Meeting The Healthcare Demands of an Aging Population

Application and Challenges of IoT in Healthcare

4 Healthcare IT Technologies Set to Take Over This Year

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

Vitiligo: Why it Happens to You, and How to Treat it?

Top 3 Ways to Gain Muscle Mass Fast

Healthcare Data Breaches: What Are the Risks?

Food Biotechnology – Genetically Modified Food Controversies and Health

Taking Care of the Small Things Now Is Easier Than Ever

What Types of Treatments Shrink Cancerous Tumors?

Understanding Dysphagia Risk Factors and Developing a Management Plan

The amazing benefits of talking therapy and how you can help

How Big Data Can Be Used To Prevent Fatal Heart Attack

Peripheral Vascular Stenting to 2020

In Praise of FDA Collaboration: The Cardiac Safety Example

The Role of Ultrasound Guidance in Heart Valve Procedures

Understanding Alzheimer’s Disease: What’s Next? [Infographic]

Why Primary Care Physicians Are the Next Phase in CCRC Care

The Dos and Don’ts of Handling Elderly Patients

Five Fields In Healthcare That Are Quickly Growing

The Weight Conscious Doctor: Why Sensitivity Matters

Top 5 Reasons Why you’re Not Losing Weight on Your Diet

Starting a New Eating Plan? What you Need to Know about Macro and Micronutrients

Should You Recommend Bariatric Surgery to Obese Patients?

Do it like Disney: Developing Orthopedic Centers of Excellence

Lessons on Building a Great Ortho Team from The Avengers

What Orthopedic Patients Want this Holiday Season

Use The Force: 4 Ways to Improve Orthopedic Service Lines

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

The Truth About Depression and Anxiety in Your Nursing Staff

Developing a Sound Relapse Prevention Plan After Discharge

Understanding Dysphagia Risk Factors and Developing a Management Plan

3 Top and Most Recent Cycling Technologies

How to Increase Height with Food and Exercises

How to Make Your Hair Look Thicker and More Voluminous

6 Ways to Make Sure You’re Detoxing Properly