
HIPAA compliance on GCP - Is it a shared responsibility?

We have a customer looking to deploy a HIPAA-compliant application on GCP. The GCP services used are GCE in a MIG, Cloud SQL and GCS. How do I ensure the application is HIPAA compliant when deployed on GCP? I read the whitepaper and it mentions data encryption is handled by Google, which is fine, but I am looking for things to watch out for, both from the infra side and the application side, to ensure all the HIPAA standards are adhered to once the application is live on GCP.

1 ACCEPTED SOLUTION

Hello @dheerajpanyam, welcome to Google Cloud Community.

I've found recommended best practices for HIPAA, along with essential best practices, here: https://cloud.google.com/security/compliance/hipaa. Also, to be compliant with HIPAA, be familiar with the covered products in the Google Cloud BAA (Business Associate Agreement): https://cloud.google.com/security/compliance/hipaa#covered-products. From a general perspective:

1. Use HTTPS
2. Be strict with least privilege in IAM
3. Prevent injection attacks (SQL injection, XSS, etc.)
4. Consider data masking

HIPAA checklist : https://secureframe.com/blog/hipaa-compliance-checklist

--
cheers,
DamianS
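
As an added illustration of point 2 (least privilege in IAM), not part of the original answer or of Google's documentation: a Python check over the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` (bucket policies use the same shape). The sample policy, the severity labels and the choice of roles to flag are assumptions made for this example.

```python
import json
import re

BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Service-wide admin roles for the services named in the question (GCS, Cloud SQL, GCE).
BROAD_ADMIN_ROLES = {"roles/storage.admin", "roles/cloudsql.admin", "roles/compute.admin"}
# The default Compute Engine service account, which MIG instances use unless told otherwise.
DEFAULT_GCE_SA = re.compile(r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$")


def audit_iam_policy(policy):
    """Return (severity, role, member, reason) tuples for bindings worth reviewing."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member, "public principal"))
            elif role in BASIC_ROLES and DEFAULT_GCE_SA.match(member):
                findings.append(("HIGH", role, member,
                                 "default Compute Engine service account holds a basic role"))
            elif role in BASIC_ROLES:
                findings.append(("MEDIUM", role, member, "basic role instead of a predefined one"))
            elif role in BROAD_ADMIN_ROLES and "condition" not in binding:
                findings.append(("LOW", role, member, "unconditional service-wide admin role"))
    return findings


# Constructed sample: bindings of the kind seen in project and bucket policies,
# merged into one document for illustration. All principals are made up.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                 "user:dev@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers",
                 "serviceAccount:app-mig@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudsql.admin", "members": ["group:dba@example.com"]},
    {"role": "roles/cloudsql.client",
     "members": ["serviceAccount:app-mig@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

if __name__ == "__main__":
    for severity, role, member, reason in audit_iam_policy(SAMPLE_POLICY):
        print(f"{severity:6} {role:28} {member}: {reason}")
```

The dedicated `app-mig` service account with `roles/cloudsql.client` and `roles/storage.objectViewer` produces no findings, which is the shape a least-privilege setup for the MIG would take.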

2 REPLIES

Thanks @DamianS