Ways Using The Cloud Can Help With HIPAA Compliance


Healthcare providers are looking for the latest innovative solutions to streamline and improve their HIPAA-compliant software to cut costs and increase efficiency, but most importantly to protect patient data. The traditional methods of back-up, disaster recovery, continuity and archiving are fast becoming obsolete due to high costs and dated accessibility, while more affordable and refined software is more readily available. Amid the technological revolution evident today, the ways HIPAA compliance is traditionally met can prove problematic for healthcare organizations looking to keep their applications running in real time, ensure security is at an optimum and provide access to information 24/7.

Healthcare providers are looking for an all-encompassing solution to their HIPAA-compliance needs, and internet-based cloud computing could be that solution.

The benefits of cloud computing

Cloud solutions are not only a cost-effective way to overcome the issue of outdated hardware and software but can also improve security. Advanced encryption tools give healthcare organizations the peace of mind they require to switch their HIPAA-compliant software over to the cloud. Cloud computing is the latest technological resolution to maintaining and managing the complex infrastructure required to support any organization’s activities. Cloud offers healthcare providers the HIPAA-compliant tools needed to keep track of procedures and policies to ensure their workforce has access to the latest information. There are also several other benefits to switching to cloud computing: it improves archiving for patient records, builds a bridge between medical teams and healthcare providers, saves on in-house storage needs, aids medical research, improves the out-patient experience and can increase interactivity between patient and organization. There’s no doubt cloud technology can streamline a business without the need for expensive and antiquated systems that are no longer up to scratch. A report by MarketsandMarkets predicts that healthcare cloud computing will rise at a CAGR of 29.8 percent to 6.5 billion USD by 2018. By 2020, cloud computing is expected to become the IT infrastructure norm across the healthcare industry.

Ensuring the cloud is HIPAA-compliant

Security has been a major barrier to cloud adoption in the healthcare industry. HIPAA-compliant cloud solutions are now becoming more secure, but risks still exist. According to the U.S. Department of Health and Human Services, in order to fulfill the Health Insurance Portability and Accountability Act of 1996, the HIPAA Privacy Rule and the Security Rule must be adhered to. “The Privacy Rule establishes national standards for the protection of certain health information” while “the Security Rule establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form”.

There are three main safeguards needed to ensure HIPAA compliance. First are the technical requirements, which include a minimum 128-bit encryption, plus deletion and destruction of data in line with the Department of Defense’s standards. Second are issues relating to the physical infrastructure, such as security to the mainframe. The Physical Safeguards in the HIPAA Security Rule include “standards for facility access controls, workstation use and security and device and media controls”. Third, there are several administrative requirements that must be followed to meet HIPAA compliance. These include a provider’s “security management process, assigned security responsibilities, workforce security, information access management, security awareness training and contingency planning”.

The HHS states that HIPAA covered entities and business associates are “questioning whether and how they can take advantage of cloud computing while complying with regulations protecting the privacy and security of electronic protected health information (ePHI)”. According to the HHS, when a covered entity engages the services of a cloud solution provider (CSP) “to create, receive, maintain, or transmit ePHI (such as to process and/or store ePHI), on its behalf, the CSP is a business associate under HIPAA”. What’s more, when a business associate subcontracts with a CSP “to create, receive, maintain, or transmit ePHI on its behalf, the CSP subcontractor itself is a business associate”.

These national standards mean that every party that touches this kind of healthcare data must be compliant. The steps highlighted above ensure CSPs and healthcare providers are following the correct procedures, protocols and policies to ensure they remain HIPAA-compliant at all times.

Cloud enhances data sharing but does it pose a security risk?

HIPAA and cloud

Cloud benefits healthcare providers because it can develop, grow and adapt to the business rather than the organization having to spend vast sums on database solutions. There is also a reduction in staff numbers, and therefore cost, and the need for maintenance is reduced dramatically. According to HIT infrastructure, healthcare providers are fearful of HIPAA violations that stem from cloud technology, which could damage their business. The main concern is the amount of hands-on control in-house IT departments must relinquish to enable cloud operations on their systems. Advanced encryption has ensured cloud computing has eliminated the once prevalent security concerns surrounding the software. According to Healthcare IT news, there are two types of data that should be encrypted: structured data and unstructured data. They state that the most common options for encrypting these data types include: “whole disk encryption, database encryption, agent based encryption and application layer encryption”.

Although it is clear cloud computing can offer increased security and significant cost-saving benefits, the service does come with certain risks that need to be addressed.

HIPAA-compliant software on the market

Healthcare providers are looking for new types of cloud platforms that go beyond back-up to provide the most comprehensive and easy-to-use data protection solutions. 

The Axcient Business Recovery Cloud is a market leader and “securely protects every part of their patient record and health information infrastructure, keeping data accessible, applications running, and doctors and administrators productive and in compliance with HIPAA regulations”.

Egnyte provides HIPAA-compliant hosting solutions. They also offer a free trial, a try before you buy deal, and a special cloud storage solution for the healthcare industry. Egnyte is also a market leader.

Carbonite can be used as an offsite back-up tool for disaster recovery and stores all data in encrypted form. Their data centers are extremely secure with many protective measures in place that restrict personnel access using advanced security measures.

Box.com is also a respected HIPAA-compliant cloud platform which has experienced widespread commercial success of late.

Understanding cloud services

According to HIT infrastructure, the “as-a-service” tag is the main identifier for cloud technology, which uses the CSP’s resources for storage, app development, or management. Healthcare providers pay monthly subscriptions to use cloud services, which reduces the need for constant technological updates and maintenance. Cloud computing is internet-based and includes several different elements, but the main ones are “software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS)”. SaaS solutions are “used for several healthcare IT functions, including electronic health records (EHRs), medical practice management systems, and health information exchange (HIE)”. PaaS offers more control over cloud environments through “an application hosting environment allowing organizations to build and deploy custom applications without having to build or maintain the infrastructure”. Finally, IaaS provides organizations with “storage, networks, and other fundamental computing resources to deploy and run arbitrary software, such as operating systems and applications”.

There are many benefits to the company of using a ‘white label’ provider to offer additional services to its customers. The benefits of working with a partner to develop or deliver additional services include:

· Reduced costs (or none) of development
· Speed-to-market
· Learning new skill sets and market knowledge
· Keeping focus on core offerings
· Adding value to the customer

A ‘white label’ partner is often smaller, more nimble, and/or has a different core focus than the primary company. If the company would like to deliver Security Services, but their core offering is around networks, they won’t already have security experts. Some might argue that they need to build the offering themselves, but the go-to-market process for an in-house offering, often due to red tape and budgets, would likely be months if not over a year. Another argument is that the service offering is already a proven commodity to the provider, with existing staff, who have the technical experience and the marketing knowledge to deliver effectively.
