Azure and Healthcare in Developing Countries
Partners in Health “PIH” provides health care to the poor in 10 developing countries, including Haiti, Mexico, and Rwanda, and supports health-care systems by building medical facilities, conducting research, and training local staff in those countries. In addition to coming to the aid during a crisis, Partners in Health provides help over the long term. Technology plays a major role in supporting our efforts on the ground level.
Our mission was to partner with a Cloud Service Platform that would allow us to manage and deploy applications while meeting our security and compliancy needs across a global footprint. Microsoft and Azure Cloud service was the partner PIH was looking for. Microsoft’s Office 365 and Azure has been an integral piece of the operations at PIH. Operating out of 10 countries in some of the most remote poorest locations in the world, our challenges were great. We required on/ off line capabilities that work over low bandwidth. Microsoft Office 365 and Azure was the only solution that could meet our demanding needs.
We required a solution that would allow us to replace our data centers with Cloud services. By adopting the Cloud with strict rules in place—we mitigate our risks. It is not “fire and forget” however, it’s a two way street with ownership on both sides to ensure compliancy is followed and enforced.
Leaning on your MSP to navigate and implement the correct tools to manage your Azure environment are key
Now the question is how did we get there. Migrating to the Cloud is not as easy as some portray it to be. It takes a migration roadmap and most of all a seasoned Managed Service Provider “MSP.” Do your homework and find a MSP that has experience in your space, understands your need and will support you with two main focuses. First the MSP will assist your team with your migration and second you will need them when the time comes to manage your services once you have landed on the Cloud. For some of your team they will transition into an “air traffic controller” role. The days of heading to the data center swapping out drives are gone, long gone. However, leaning on your MSP to navigate and implement the correct tools to manage your Azure environment are key. Your MSP will assist you with your DR and BCP plans. Yes, these plans need to be modified to incorporate your transition to Azure and Managed services. Security and Backup procedures all change now that you have landed on Azure. Leverage your MSP to assist you with best of breed and managing these new services. Migrating to Azure reduced our TCO, increased our ability to scale in a moments notice and its interconnection with O365 and EMS were all key to our success.
When a healthcare company signs up for a HIPAA-compliant IT environment with a Cloud Hosting service such as Azure, that outside organization is acting as a business associate according to the guidelines. HIPAA compliance revolves around the encryption requirements and guidelines for the storage and transmission of data containing PHI. Data is categorized as either “data at rest” (in a database, file share, etc.) or “data in transit” (email, etc.) for a covered entity or business associate that uses HIPAA compliant services to be HIPAA compliant. You must have a signed BAA on file with Azure.
You must implement and follow the guideline that Azure defines in their HIPAA security implementation guides for the services defined in the BAA. Use of HIPAA compliant services without both of these two components does not guarantee HIPAA compliance. Azure offers a form of contractually defined indemnification and shared responsibility with customers who are either covered entities or the business associates of covered entities. These contracts are referred to as a “Business Associate Addendum” or “Business Associate Agreement” contract (BAA). Azure and the use of Office 365, including SharePoint Online, Exchange Online, etc., that manage patient data as defined by HIPAA will be covered under the Microsoft Business Associate Addendum (BAA). Only the HIPAA-eligible services defined in the Microsoft BAA can be used to process, store, and transmit PHI/ ePHI. Microsoft’s Azure and the Office 365 stack has strengthened our technology footprint allowing us to better serve the poor and sick.