HIPAA Compliance for Containers Has Never Been Easier

Containers aren’t just a cool technology for startups (though they definitely are that!); they’re transforming the way organizations of all shapes and sizes build, ship, and run their apps. This is across industries, even highly regulated industries, so it’s important that organizations understand how existing security requirements apply to containerized environments. We recently talked about our joining the PCI Council and shipping the PCI Compliance Guide for Containers and we’re happy to announce a similar guide today for organizations in the health industry focused on HIPAA. We’re proud to call a number of these health organizations our customers – including one of the largest health insurers in the US, one of the top medical research institutions and hospital chains, and several medical device manufacturers. Each of these organizations is using containers to improve the way they build and ship apps which results in better research and better care.

Our Guide to HIPAA Compliance

Our new guide, Twistlock’s Guide to HIPAA Compliance for Containers, will help you to achieve compliance with the HIPAA Security Rule for containerized workloads. In health care, there is a class of sensitive data known as electronic personal health information, or ePHI. Any covered entity, business associate, or subcontractor that creates, receives, maintains, or transmits ePHI is subject to a piece of legislation known as the HIPAA Security Rule. The Security Rule requires you take the appropriate measures to safeguard ePHI. ePHI is tightly woven into the fabric of the typical health care app. Apps such as virtual doctor visits, glucose monitors, and billing systems are built around ePHI. It’s the ePHI itself — collecting it, storing it, analyzing it — and the exchange of it — between doctor and patient, provider and insurer, covered entity and business associate — that creates value, engages patients, and improves inefficiencies.

Safeguarding ePHI in compliance with HIPAA is a challenge because the Security Rule only provides high-level guidance. It doesn’t prescribe specific countermeasures to the threats that make ePHI most susceptible to breaches. This guide takes an approach to HIPAA compliance of employing a risk-based framework created by the National Institute of Standards and Technology (NIST), known as the Cybersecurity Framework, to meet the standards and specifications of the Security Rule. In our guide, we break down this framework section by section, show you how each applies to containers, and provide specific guidance on how Twistlock can be configured to help achieve compliance. Finally, we also provide an JSON template which includes many of these settings in a ready to use file you can upload directly into Twistlock to accelerate the process.

We hope you find the guide useful and would be happy to show you a live demo of Twistlock or help you evaluate it in your own health organization.

← Back to All Posts Next Post →