There's a whitepaper by Amazon on the topic. Google it, it's been a few months since I looked at it, don't have a link offhand, sorry.
Thanks- - Andy Badera - [email protected] - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private On Mon, Jul 6, 2009 at 5:17 PM, GenghisOne<[email protected]> wrote: > > Does anyone know if Amazon's EC2 platform is HIPAA-compliant? > > On Jul 6, 12:44 pm, richard emberson <[email protected]> > wrote: >> Not going to happen. The IT requirements for Google would >> cost far more than the couple of applications that might >> need HIPAA. They would have to have a completely >> separate group with their own machines, passwords, >> procedures, etc. with a real wall (both material wall >> and software/hardware wall) between the group and the rest of >> Google or all of Google would have to be HIPAA >> compliant. So, how much is it worth for Google? Not much. >> >> RME >> >> >> >> Ken wrote: >> > Hi, >> >> > I'm researching the feasibility of running a healthcare app on the >> > AppEngine cloud. I've read through the AE terms of service and they >> > don't say much about the actual security guidelines other than >> > deferring to the boilerplate Google security policy. I have no doubt >> > there are internal documents detailing the exact security guarantees >> > provided by Google's infrastructure, but that information is not >> > readily available to the public. >> >> > It's been a full year since the last time HIPAA was discussed in this >> > group. Now that SSL support has been enabled, data transfer >> > constraints can be met with ease. So, what's the story today with GAE >> > and HIPAA compliance? Are the App Engine's data storage and transfer >> > mechanisms compatible with the guidelines set out by HIPAA? >> >> > Google Apps documentation has quite a bit more security information, >> > such as specifying annual SAS 70 Type II audits. I'm not familiar >> > with this particular security audit, but some quick research seems to >> > indicate that SAS 70 audit controls are mostly a superset of HIPAA >> > guidelines. However, there are some aspects of HIPAA compliance that >> > seem to be difficult to implement in a distributed database system, so >> > any reassurances from the Google App Engine folks in this regard would >> > be most appreciated. >> >> > Thanks! >> >> > Ken >> >> -- >> Quis custodiet ipsos custodes > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
