Over the last few weeks I’ve been hearing a lot of discussion around HIPAA. When we speak about HIPAA, invariably the two components of data security and data privacy arises.
In the traditional data centers database managers and data owners know where their data reside and implement the necessary processes to preserve privacy, and audit access.
However when we move to the cloud, the cloud being all about data, we are looking at servers, network, and storage which are abstracted. What this raises concern is that data owners may not necessarily know where their data sets physically reside and we are looking a Cloud Service Provider (CSP) employees who will be handling confidential patient data or Personally Identifiable Information (PII).