Background
A San Diego company that specializes in healthcare consulting for the patients of a large healthcare insurance corporation needed to establish a local presence with specific healthcare compliance requirements. Because its business was expanding, the company had an immediate need for additional office space and moved into an available executive suite. However, the suite was unable to accommodate secure equipment, which is a Health Insurance Portability and Accountability Act (HIPAA) requirement.
Recommendations
To be HIPAA compliant, CSCI proposed a hybrid cloud solution that would provide infrastructure from a cloud platform and the client’s own premises. It recommended using the Azure Cloud to support Active Directory authentication and backups to a secure environment.
CSCI engineers then created a secure VPN tunnel from the Azure Cloud to a Fortinet gateway security product on the client’s premises. They then enabled file logging and storage for the Fortinet gateway device and stored the data in the AWS Cloud. This architecture also allowed engineers to enable a dual-factor authentication scheme, one from the cloud platform and one from the client. Local consultants were then able to use secure voice and access communications provided by Office 365 and an approved VoIP platform.
Timeline
The client had an accelerated timeline for this implementation, which needed to become fully operational within a month of the initial meeting. This timeline required CSCI engineers to begin building out the cloud infrastructure immediately. Furthermore, the on-premises Fortinet solution and desktop computers needed to be installed concurrently with Office 365.
Benefits
Healthcare organizations that are subject to HIPAA compliance benefit from Azure’s service model, which includes “pay-as-you-go” billing for on-demand services. Azure provides both Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) services to meet a range of client needs. For example, IaaS allows clients to outsource their cloud computing infrastructure, while PaaS allows clients to develop their own applications without investing in IT infrastructure. Azure also allows clients to integrate Microsoft tools such as Office 365, Outlook and SharePoint into their cloud platform. Furthermore, clients can use the same virtual machines on Azure that they use on their own premises.
Results
A HIPAA compliance inspector from Washington, DC conducted an official audit of the healthcare client’s security protocols, infrastructure setup and operational efficiency within 30 days of total implementation. This inspector declared the installation acceptable and compliant with the HIPAA guidelines for protecting patient healthcare information (PHI) after a 45-minute audit.
Current Status
The healthcare client has expanded operations and will soon implement a premise-based solution in the new executive suite. Additionally, this client expects to expand its practice to four times its original business model.
About CSCI
CSCI provides compliance services related to National Institute of Standards and Technology (NIST) and HIPAA for small business organizations in San Diego. We offer on-site and managed services in partnership with major companies such as Microsoft, Cisco, Fortinet and Hewlett-Packard. Contact us today to find out how we can help you meet your compliance requirements.