09-25-13 | Blog Post
Attention hosting companies currently supporting healthcare clients: get compliant or get out of the game. For those still unaware, cloud hosting and other IT vendors involved with the storage or transmission of healthcare data must meet HIPAA compliance by…two days ago (September 23). So, by the end of the year, at least, for all you laggers. Here’s what happens if you are not compliant, and still continue to serve healthcare clients:
And for covered entities (healthcare organizations that deal with protected health information (PHI)), if you’re hosting your data and/or applications with a non-compliant business associate (hosting provider), then you can also be held liable in the event of a data breach. Switch to an audited and compliant HIPAA hosting provider, and you’ll be in the safe zone (note: your organization also needs to maintain compliance; your IT vendor does not make you compliant by proxy).
Cloud vendors can’t really afford to take the risk of supporting healthcare clients without first ensuring they’re operating fully in compliance with HIPAA. And HIPAA is a lot more than just technical security – the standards also require administrative and physical security safeguards. A few examples include:
And so much more! The point is, HIPAA compliance is a little more complex as it involves assessing unique organizational structures to ensure there are no security gaps, as well as ongoing maintenance for complete data protection. And if you’re currently using a non-compliant hosting provider to host patient data, you’d better find a new one that is compliant…like yesterday.
Find out more about being compliant in the cloud with our latest white paper, Encryption of Cloud Data. Our HIPAA Compliant Hosting white paper is also specific to healthcare and details the necessary components of a HIPAA compliant hosting stack.