New-Wave Technology and PHI
[By Carol Miller RN MBA]
To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic cloud communication of protected health information.
These new technologies will continually be evolving with hospitals, providers and patients move to new means of communication.
Cloud Solutions
Cloud solutions are becoming a needed commodity in treating patients today but also present a risk to privacy and security violation. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.
Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.
In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.
***
***
But, because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate Agreements.
Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plain-text data on their servers, PHI is especially vulnerable to breaches and compliance violations.
HIPAA Not Aging Well
HIPAA was written nearly 20 years ago, before cloud health applications were even envisioned. Because of this, some areas of the law make it hard to determine which applications must be HIPAA- compliant and which are exempt. Considering the numerous ways security breaches can occur with a cloud solution, it is no wonder that HHS is very leery about how PHI is handled on server farms in the cloud.
Assessment
Regardless of the storage modality – it is important to take all the steps possible to comply with HIPAA guidelines.
Conclusion
Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:
- PRACTICES: www.BusinessofMedicalPractice.com
- HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
- CLINICS: http://www.crcpress.com/product/isbn/9781439879900
- ADVISORS: www.CertifiedMedicalPlanner.org
- FINANCE: Financial Planning for Physicians and Advisors
- INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
- Dictionary of Health Economics and Finance
- Dictionary of Health Information Technology and Security
- Dictionary of Health Insurance and Managed Care
***
Filed under: Health Law & Policy, Information Technology | Tagged: Carol Miller RN MBA, cloud storage, Dropbox, HIPAA, PHI, protected health information, server farms | Leave a comment »