| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2021-03-24 |
GDPR, HIPAA, data security, PHI, europe, ACS |
account |
{:shortdesc: .shortdesc} {:important: .important} {:tip: .tip} {:note: .note} {:external: target="_blank" .external}
{: #eu-hipaa-supported}
If you're the account owner, you can enable your {{site.data.keyword.cloud}} account to be EU supported, Financial Services Validated designated, and HIPAA supported. You can enable the EU Supported setting, for example, if you use resources to process personal data for European citizens. You can enable the Financial Services Validated setting to include and manage regulated financial services information. And, you can enable the HIPAA Supported setting if you plan to include Protected Health Information (PHI) in HIPAA-enabled services. {:shortdesc}
{: #bill_eusupported}
Enabling the EU supported setting limits Advanced Customer Support (ACS) that is provided by {{site.data.keyword.Bluemix_notm}} support team members in the European Union region. However, {{site.data.keyword.Bluemix_notm}} processing activities might be performed by teams that are outside of the EU region. Global teams can be contacted when issues aren't resolved by the ACS teams in the EU. The global teams are always contacted at the instruction of the EU support team and only when there's no impact to the security or privacy of your data.
By enabling this setting, EU supported services have strict access controls to ensure the data you store and process is restricted and controlled by the IBM support team in the EU region. If {{site.data.keyword.Bluemix_notm}} experts that are outside of the European region need access to this data, an EU support team member reviews the access request. The EU support team member provides necessary access to the global cloud expert only to the requested system, and only for a specific timeframe after which access is revoked. Throughout this process, your data is always protected.
- In the {{site.data.keyword.Bluemix_notm}} console, go to Manage > Account, and select Account settings.
- Click On.
- Read the information about enabling the setting, and select I understand and agree to these terms.
- Click On.
After you enable the setting, you can use the EU Supported filter option to search the catalog for products that have EU-supported pricing plans.
{: #enabling-fs-validated}
You can enable your account to use services designated as {{site.data.keyword.Bluemix_notm}} for Financial Services Validated, which leverage the industry’s highest levels of encryption certification and provides preventative and compensatory controls for financial services regulatory workloads, multi-architecture support and proactive, and automated security.
The {{site.data.keyword.Bluemix_notm}} for Financial Services Validated designation is currently available for services operating in the Dallas (us-south) and Washington DC (us-east) multizone regions{: term}. {: note}
When you enable this setting, you are indicating that your account stores regulated Financial Services information.
- In the {{site.data.keyword.Bluemix_notm}} console, go to Manage > Account, and select Account settings.
- For the Financial Services Validated option, click On.
- Read the information about enabling the setting, and select I understand and agree to these terms.
- Click On.
After you enable the setting, you can filter the {{site.data.keyword.Bluemix_notm}} catalog to display services designated as Financial Services Validated. The Financial Services Validated label on a service can apply to all available plans or be limited to specific plans or configurations.
{: #enabling-hipaa}
The US Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act define standards for handling electronic healthcare transactions and information. If you or your company is a covered entity as defined by HIPAA, you must enable the HIPAA Supported setting if you run sensitive workloads that are regulated under HIPAA and the HITECH Act. Learn more about {{site.data.keyword.Bluemix_notm}} compliance in Compliance on the {{site.data.keyword.Bluemix_notm}}{: external}.
Enabling this setting has the following effects:
- Enables you to filter on HIPAA Enabled services in the catalog
- Indicates to IBM that your account stores protected health information (PHI)
- Digitally accepts the IBM Business Associate Addendum (BAA) for covered entities
Enable this setting only if you or your company is a covered entity as defined by HIPAA. If you or your company is a business associate of a covered entity, contact {{site.data.keyword.Bluemix_notm}} Sales{: external} to accept the applicable BAA. For more information about HIPAA definitions of covered entities and business associates, see the US Department of Health & Human Services{: external} website. {: important}
Accounts that enable the HIPAA Supported setting still have access to the full catalog of services. {{site.data.keyword.Bluemix_notm}} services typically offer multiple plans. The HIPAA Enabled label on a service can apply to all available plans or be limited to specific plans or configurations. You as the client are solely responsible for limiting PHI to HIPAA Enabled product plans and architecting in accordance with HIPAA and HITECH.
- Go to Manage > Account, and select Account setting in the console.
- For the HIPAA Supported option, click On.
- Read the information about enabling this setting.
You can't disable the setting after you enable it. {: note}
- Select Accept, and click Submit.
After you enable the setting, you can use the HIPAA Enabled tag to search the catalog for products that are HIPAA enabled.