Update on HIPAA Cloud Solutions for Hospitals and Health Systems

Posted on February 5, 2016 by Dr. David Edward Marcinko MBA

Join Our Mailing List 

New-Wave Technology and PHI

Carol S. Miller

[By Carol Miller RN MBA]

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic cloud communication of protected health information.

These new technologies will continually be evolving with hospitals, providers and patients move to new means of communication.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today but also present a risk to privacy and security violation. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.

***

d1052a30277425_561bf03a44905

***

But, because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate Agreements.

Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plain-text data on their servers, PHI is especially vulnerable to breaches and compliance violations.

HIPAA Not Aging Well

HIPAA was written nearly 20 years ago, before cloud health applications were even envisioned. Because of this, some areas of the law make it hard to determine which applications must be HIPAA- compliant and which are exempt.  Considering the numerous ways security breaches can occur with a cloud solution, it is no wonder that HHS is very leery about how PHI is handled on server farms in the cloud.

Assessment

Regardless of the storage modality – it is important to take all the steps possible to comply with HIPAA guidelines.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

 

Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™ Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™

***

Filed under: Health Law & Policy, Information Technology | Tagged: , , , , , , | Leave a comment »