In 2013, when the final HIPAA Omnibus was ruled, compliance on the cloud was an opaque understanding. It took collaboration among cloud services providers such as AWS, Azure, and Google, digital health companies like Datica, and the good folks at HITRUST and Coalfire (among many deserving others) to collectively define what it meant.
The process has been hard. Along the way, we learned a lot while also building little mental models or explanations to help distill the evolving complexity into digestible chunks for those looking to make a dent in this industry. Many of those simplifications we put into our new book, Complete Cloud Compliance, which launched this month.
The book tries to answer the question "What Really Is Compliance?" and we think we do a decent job for those who aren't a professional compliance officer. The concepts are familiar to those with deep compliance experience, but we believe are the most efficient explainer for those who truly aren't sure how to answer the question themselves. We thought, if we can help everyone else learn our compliance lessons over the past five years, we can make our dent in this industry.
On Wednesday, September 26th, I'll be giving a webinar where I dive deeper into the topic. I will be summarizing many key concepts throughout the book. For those who have 45 minutes open over lunchtime, I encourage you to attend.
A few big ideas we will explore tomorrow:
- Compliance is not the same as security is not the same as privacy
- Rules and controls are very different, and it's important to understand that
- The faster you can map the difference between organizations, standards, frameworks, and regulations, the faster all these acronyms will make sense to you
- The global nature of compliance
- Why frameworks matter
- How to map a compliance regime onto your cloud architecture
Please join me on Wednesday. Feedback is always welcome!