In order to be compliant in the cloud, you build a security program that does the following:
- Ensures the confidentiality, integrity and availability of all ePHI created, received, stored or shared.
- Identifies and protect against threats to the security of ePHI
- Protects against impermissible uses or disclosures of ePHI
- Enforces compliance by everyone who handles the ePHI