What does the cloud bring to the table for healthcare organizations when it comes to data storage, availability, and the ability to meet HIPAA compliance standards?
- High-capacity storage without CapEx costs – The need for high-capacity storage and computing is high in the healthcare industry, with medical imaging producing large data files (X-rays, CAT scans, MRIs, etc.). A high-capacity HIPAA cloud can meet the needs of storage-intensive applications for healthcare companies that also need compliance. Cloud hosting can provide a viable solution without typical hardware requirements.
Recommended reading: Key Benefits of Leasing vs. Building a Data Center
- PHI availability and accessibility – The HIPAA Security Rule requires that protected health information be available, meaning “accessible and usable on demand by an authorized person” (HHS.gov). Hosting your data and applications with a third party requires trust in their ability to provide high-availability services, so that your data is accessible whenever it is requested.
Recommended reading: HIPAA FAQ: What Does HIPAA Cover?
- Cloud disaster recovery for PHI availability – In the event of a disaster, electronic PHI, or e-PHI, needs to be recoverable. The HIPAA Security Rule emphasizes the need to ensure the integrity of e-PHI, meaning that e-PHI “is not altered or destroyed in an unauthorized manner.” Cloud-based disaster recovery can significantly improve your recovery time objectives and is more reliable than traditional disaster recovery methods, including tape backup.
Recommended reading: Disaster Recovery for HIPAA Applications – It’s All About Availability of PHI
- Step closer to compliance – As a covered entity, you need to demonstrate and document the controls you have in place to achieve HIPAA compliance. An integral part of your compliance lies with your IT controls. If you partner with an audited HIPAA cloud hosting provider, they already have documented policies they can hand over to help you demonstrate your own company’s compliance to the HHS/ONC. Business associates are also responsible for meeting compliance standards to prevent a data breach, as a recent case in which legal action was taken against a business associate exemplifies.
But how can you be sure they’ll adhere to these controls when it comes to your data or applications in the cloud? Make sure you sign a business associate agreement (BAA) with your HIPAA hosting provider outlining their obligations and responsibilities to meet compliance.
Recommended reading: Five Questions to Ask Your HIPAA Hosting Provider
HHS.gov Summary of the HIPAA Security Rule
6 Keys to Data Storage