Comment on Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.
atomicbocks@sh.itjust.works 3 weeks agoThey do that because there are some things that you can’t put in the cloud, like HIPAA protected data. It’s absolutely a rip off, but that was their solution.
noahm@lemmy.world 3 weeks ago
You absolutely can store HIPAA data in the cloud.
Latency is one of the big selling points for Outposts. They have customers wanting to control industrial equipment from their cloud resources, but the nearest AWS region is too far away to provide the low latency connectivity they need. With Outposts, they get the cloud, but with on-prem network latency.
atomicbocks@sh.itjust.works 3 weeks ago
There is no certification process in place for using a cloud to store HIPAA data. It even says that on the page that you linked. Legally, any organization that used this service would be opening themselves to further liability under HIPAA.
4am@lemmy.zip 3 weeks ago
Tell that to literally every hospital, medical provider, and insurer in the United States.
They’re all using AWS, and OneDrive.
IchNichtenLichten@lemmy.wtf 3 weeks ago
That’s news to me. Every time to vendor tries to get me to switch to their cloud product I tell them to get lost. I’m not willingly handing over patient data to these clowns, I’ve seen how bad they are at security.
atomicbocks@sh.itjust.works 3 weeks ago
I am a software developer who does custom EMR software specifically because the places I work for can’t use the cloud. But okay I will try…
wholookshere@piefed.blahaj.zone 3 weeks ago
can you site the part of HIPAA that says that?
There’s no certification for HIPAA defined in law.
atomicbocks@sh.itjust.works 3 weeks ago
No I can’t cite something that doesn’t exist. I literally just said there isn’t one… so I am not sure what your point is.
angband@lemmy.world 3 weeks ago
The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.
So at what point can a lawyer say that all the cloud breaches violate the “reasonably anticipated” rule?