PDA

View Full Version : HIPPA Compliance



roccoz
August 17th, 2011, 06:11 AM
Is the service provided by Zmanda HIPPA compliant?

paddy
August 18th, 2011, 09:57 AM
Zmanda Cloud Backup supports various requirements to comply with HIPAA regulations when it is properly configured
and is implemented as part of a fully HIPAA compliant solution. When applied to cloud backup, HIPAA regulations basically apply in two areas - data privacy and data security.

Data privacy: The backup data is transmitted to Amazon datacenters over 128 bit SSL channel. The backup data can be encrypted on the ZCB machine, before it leaves the customer site. Encryption is performed using standard RSA RC4 algorithm and the encryption keys are owned and managed completely by users and hence once data is encrypted, it can't be decrypted by either Zmanda or Amazon Web Services.

Data security: ZCB provides support for backup to multiple Amazon S3 geographic locations to mitigate the risk of failure. ZCB backup data is never transmitted to Zmanda servers and is stored only on datacenters managed by Amazon Web Services. Since customer authentication details are known to Zmanda, the data stored on Amazon servers can be accessed by Zmanda technical support engineers to resolve the customer issues. This access, however, is only upon customer request and is stringently monitored by Zmanda management. The backups are stored in Amazon S3 in special buckets that can be accessed only by ZCB product.

Once ZCB transfers data to Amazon data centers, Amazon safeguards and manages the data as per their published security policy document. Please refer to the Amazon Web Services: Overview of Security Processes document for more details on data privacy and data security measures.



For more information about HIPAA compliance, please see
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html