HIPAA Cloud Solutions?

On New-Wave Technology

Carol S. Miller

By Carol Miller RN MBA

To help hospitals and health systems comply with Health Insurance Portability and Accountability Act regulations, best practices are emerging for securing all electronic communication – cloud, wireless, and texting – of protected health information.

These new technologies will continue to evolve as hospitals, providers and patients move to new means of communication. Below is a description of one.

Cloud Solutions

Cloud solutions are becoming a needed commodity in treating patients today, but they also present a risk of privacy and security violations. Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance.

Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the HHS shows that these concerns are misplaced.

In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, a facility can significantly reduce its compliance risk.




Business-Associate Agreements

Because HIPAA compliance involves stringent privacy and security protections for electronic protected health information (PHI), many cloud providers are balking at signing new Business-Associate agreements.


Most cloud-technology providers, such as Box and Dropbox, do not include the built-in privacy protections that guarantee HIPAA compliance. Because many cloud storage companies store plaintext data on their servers, PHI is especially vulnerable to breaches and compliance violations. 





3 Responses

  1. “Novato firm remains silent about ransomware attack on patient records”

    By Richard Halstead, Marin Independent Journal, August 13, 2016.


    “Officials at a Novato company that provides medical billing and electronic medical records services to many Marin physicians aren’t talking about a ransomware attack on their system this month that left doctors unable to access patient records for more than 10 days. Lynn Mitchell, CEO of Marin Medical Practice Concepts, issued a terse email on Aug. 4 confirming that her company had paid a ransom to regain access to its data. She wrote, ‘To date, there is no evidence that any patient information was accessed, transferred or otherwise compromised.’”

    Darrell K. Pruitt DDS


  2. “Bizmatics Cyberattack: Assessing the Fallout – Tracking the Impact of Hack of Cloud-Based EHR Vendor.”

    By Marianne Kolbasuk McGee for Healthcare Info Security, June 30, 2016.


    Darrell Pruitt DDS


  3. Why even bother with HIPAA?
    [So much for privacy]

    “A Federal Court Says Your Prescription Records Aren’t Really Private. The Supreme Court Might Have Something to Say About That.”
    Brett Max Kaufman
    [Staff Attorney]
    ACLU Center for Democracy


    “… But the court disagreed, deciding that ‘[p]hysicians and patients do not have a reasonable expectation of privacy in the highly regulated prescription drug industry,’ because a patient who gives a doctor private health information takes the risk that her prescribed treatment will be regulated by state law. In other words, because a person gives sensitive information to a third party (here, a doctor and pharmacist!), that person loses an expectation of privacy in that information — the so-called ‘third-party doctrine.’”

    Darrell Pruitt DDS

