• 3 min read

Microsoft releases automation for HIPAA/HITRUST compliance

“The best part of the Azure Security & Compliance Blueprint is that it encompasses the exact Azure services architecture required to help customers meet their HIPAA and HITRUST security, privacy, and compliance obligations, along with supporting documentation and a fully-automated deployment process.”   Tibi Popp, CTO, Archive360

I am excited to share our new Azure Security and Compliance Blueprint for HIPAA/HITRUST – Health Data & AI. Microsoft’s Azure Blueprints are resources to help build and launch cloud-powered applications that comply with stringent regulations and standards. Included in the blueprints are reference architectures, compliance guidance and deployment scripts.

“The best part of the Azure Security & Compliance Blueprint is that it encompasses the exact Azure services architecture required to help customers meet their HIPAA and HITRUST security, privacy, and compliance obligations, along with supporting documentation and a fully-automated deployment process.”

– Tibi Popp, CTO, Archive360

Health organizations all over the world are looking to leverage the power of AI and the cloud to improve outcomes, accelerate performance, and enable the vision of precision medicine. “We are enthusiastic about the potential to foster multi-institutional collaborative environments for data sharing and machine learning,” said Chuck Mayo, PhD at the University of Michigan Medicine. Microsoft is working  to meet these challenges with Healthcare NExT, an initiative which aims to accelerate healthcare innovation through artificial intelligence and cloud computing, while at the same time working to protect the privacy and confidentiality of patients.

“We are entrusted with our customer’s and their patient’s most personal data. Cloud unlocks our ability to leverage this data and apply machine learning at scale to save more lives. Securing, governing, and protecting Protected Health Information (PHI) on cloud is an incredible opportunity and responsibility. The blueprint helps us draw from best practices to protect and leverage PHI on the Cloud (for scenarios like Length of Stay Prediction, Clinical Analytics, etc).“ 

– Dr. Ankur Teredesai, Chief Technology Officer, KenSci

The new blueprint provides secure implementation automation for building solutions in environments supporting Health Insurance Portability and Accountability Act (HIPAA), a US healthcare law that establishes safeguards for individually identifiable health information; as well as the Health Information Trust Alliance (HITRUST) framework, a widely recognized security accreditation in the healthcare industry. The blueprint is intended to serve as a modular foundation for customers to adjust to their specific requirements and accelerate the development of machine learning experiments to solve both clinical and operational use case scenarios.

“Clinical informatics teams are entrusted with a very time sensitive mission – to deliver the right care to the right patient at the right time. And our pace of innovation determines how many human lives we can impact. Solution frameworks like the blueprint accelerate my team’s mission to fight Death with Data Science by enabling quicker access to data and insight” 

– Dr. Greg McKelvey Chief Medical Officer, KenSci

components

The blueprint is designed to demonstrate how to deploy a secure end-to-end health solution that contains PHI, and includes:

  • A sample use case scenario: A machine learning experiment for predicting length of stay, a sample data set of 100,000 patient records formatted using Fast Healthcare Interoperability Resources (FHIR), and data visualization using Power BI.
  • Deployment template & automation scripts: Azure Resource Manager templates and PowerShell automation scripts are used to automatically deploy the components of the architecture into Azure by specifying configuration parameters during setup, and pre-load the same data and use case scenario.
  • Cybersecurity threat model & component architecture: A comprehensive threat model provided in tm7 format for use with the Microsoft Threat Modeling Tool, detailing the components of the solution, the data flows between them, and the trust boundaries. The threat model is designed to help customers better understand the points of potential risk in the component reference architecture.
  • Customer responsibility matrix: An Microsoft Excel workbook listing the relevant HIPAA/HITRUST requirements and explaining Microsoft and customer areas of responsibility.
  • External compliance review: A report produced by Coalfire Systems with an auditor’s review of the solution, and considerations for transforming the blueprint into a production-ready deployment, covering both HIPAA and HITRUST. The blueprint provides all the building blocks to successfully start using a serverless cloud solution in under 25 minutes! For a quick look at how this solution works, watch this five-minute video explaining, and demonstrating blueprint deployment.

“The blueprint has helped IRIS to justify we are going in the right direction, and that we are not doing anything rogue when it comes to security, privacy, and compliance” 

– Jonathan Stevenson, Chief Information Officer of Intelligent Retinal Imaging Systems.

To learn more, join Microsoft at HIMSS 2018 and discover how health organizations across the globe are partnering with Microsoft to move beyond digitization into transformation and rallying with innovation. Learn more about Azure Blueprints on the Service Trust Portal. Learn more about Microsoft’s compliance with HIPAA and HITRUST on the Microsoft Trust Center.