VMware vCloud® Hybrid Service™ to Help Healthcare Customers Meet HIPAA Security Requirements

VMware Expands Support for Healthcare Customers with Business Associate Agreements for HIPAA Compliance

PALO ALTO, Calif., Nov. 13, 2013 — Today VMware, Inc. (NYSE: VMW), the global leader in virtualization and cloud infrastructure announced Health Insurance Portability and Accountability Act (HIPAA) assessments and attestation for VMware vCloud® Hybrid Service™, and VMware is now providing HIPAA Business Associate Agreements (BAAs) to customers.

“Healthcare-focused customers and partners can now obtain a HIPAA BAA from VMware for vCloud Hybrid Service and take advantage of an independent third party assessment of vCloud Hybrid Service against HIPAA security controls and breach notification requirements,” said Bill Fathers, senior vice president and general manager, Hybrid Cloud Services Business Unit, VMware. “This significant milestone enables our healthcare customers to not only take advantage of the agility and flexibility of vCloud Hybrid Service, but collaborate, share, store and centralize Protected Health Information (PHI) so they can operate more efficiently, while protecting patient privacy.”

VMware recently completed an independent third party assessment against the relevant HIPAA / Health Information Technology for Economic and Clinical Health Act (HITECH) requirements by BrightLine CPAs & Associates, Inc., an independent Certified Public Accountant (CPA) firm that specializes in cloud provider assurance and compliance. The auditor also issued an attestation report stating that the information security program for vCloud Hybrid Service meets the applicable HIPAA security and HITECH breach notification requirements. These compliance milestones enable healthcare-focused customers and partners to confidently embrace vCloud Hybrid Service while meeting HIPAA regulations on BAAs.

“The healthcare IT industry needs trusted, reliable and stable business associates that will help address the appropriate administrative, physical and technical safeguard requirements under HIPAA security rules,” said Dr. Shafiq Rab, vice president and chief information officer, Hackensack University Medical Center. “It is the healthcare industry’s moral and ethical duty to protect the privacy of the very people who in their most vulnerable moments trust us with their lives, and VMware is on the right track in helping us achieve this.”

VMware is also offering a HIPAA/HITECH-focused whitepaper for customers interested in achieving HIPAA/HITECH compliance. The HIPAA/HITECH Compliance Using VMware vCloud Hybrid Service whitepaperoutlines the individual and joint responsibilities of VMware customers when PHI is transmitted to, stored in, processed by, or retrieved from vCloud Hybrid Service.

VMware vCloud Hybrid Service, built on VMware vSphere®, enables customers to extend the same applications, networking, management, operations and tools across both on-premises and off-premises environments. VMware vSphere is the leading KLAS-rated x86 virtualization platform in healthcare, providing hospitals with an industry proven virtualization platform for delivering powerful solutions from the point of care to the hospital’s data center.

Additional Resources

About VMware
VMware is the leader in virtualization and cloud infrastructure solutions that enable businesses to thrive in the Cloud Era. Customers rely on VMware to help them transform the way they build, deliver and consume Information Technology resources in a manner that is evolutionary and based on their specific needs. With 2012 revenues of $4.61 billion, VMware has more than 500,000 customers and 55,000 partners. The company is headquartered in Silicon Valley with offices throughout the world and can be found online at www.vmware.com.

# # #

VMware, VMware vCloud, vCloud Hybrid Service and vSphere are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. The use of the word “partner” or “partnership” does not imply a legal partnership relationship between VMware and any other company.