Over 20 years ago (1996) the US government passed a new law called the Health Insurance Portability and Accountability Act (HIPAA). As a result, organizations like yours must implement security controls to properly protecting electronic protected health information (ePHI).
Because the HIPAA security rule is designed to be risk-based, there is no “one size fits all” answer to what it means to comply with the HIPAA security rule (often referred to as being “HIPAA Compliant”). This also means there is no recognized certification for HIPAA, ultimately entities are responsible for evaluating their own HIPAA compliance and determining whether or not they meet the requirements of the program.
The Pivotal Application Service (PAS) provides a number of key security benefits that map directly to specific safeguards required by HIPAA. This whitepaper provides a mapping between the security capabilities the platform provides and the HIPAA safeguards. Organizations can use this information to understand how their risk posture will improve when their applications are running on the PAS platform.
About the Author
Steve White is a Field CISO for Pivotal where he helps organizations envision and implement new ways of integrating security into the software development, deployment, and operations lifecycle. Steve’s passion for transforming security and infrastructure/operations teams using modern Agile and DevOps principles developed over two decades working in various technology roles. Steve started his technology career in the infrastructure and operations space, ultimately working across all technology functions. Most recently his focus has been on security, helping build a cybersecurity consulting practice for Microsoft and then leading security teams for companies such as Amazon, Sonos, and CenturyLink. In his most recent role prior to joining Pivotal he was the Chief Security Officer for ForgeRock. Steve’s passion lies at the intersection of security, infrastructure, and operations.
