Cloud computing has overcast most, if not all, industry segments because of the benefits it offers. From manufacturing to e-commerce, banking to insurance, and education to real estate, industries are adopting cloud for its inherent benefits. The healthcare industry is also undergoing considerable change with healthcare organizations focusing on delivering ‘smart healthcare’ which means non-traditional care settings, multi-location facilities, and long-distance patient service. According to Deloitte, “With quality, outcomes, and value being the buzzwords for health care in the 21st century, sector stakeholders in the US and around the globe are looking for innovative and cost-effective ways to deliver patient-centered, technology-enabled “smart” health care, both inside and outside hospital walls.”
However, underlying this need for change, the challenges faced by healthcare providers is more close to home and relates to IT and operations. For these organizations, the cloud is not as simple as it looks even though it makes absolute sense in a seamless, connected world of patient care. For HIPAA covered entities especially, the trepidation relates to whether they can consider the cloud while maintaining compliance with regulations related to protecting Electronic Protected Health Information (ePHI). Their concern primarily arises from the fact that there is some amount of ambiguity surrounding the public cloud, especially in terms of security and compliance.
HIPAA or Health Insurance Portability and Accountability Act came into existence in 1996. It has empowered millions of people in America to transfer and continue their health insurance when changing or leaving a job. It protects against health care fraud and most importantly mandates industry-wide standards for health care information on electronic billing. It also mandates confidentiality with health information.
HIPAA and the Cloud
Healthcare organizations, that have an internal IT function, should consider collaborating with cloud service providers to evaluate the benefits versus the risks involved in cloud migration. The service provider becomes responsible for HIPAA compliance.
Some points to be remembered for HIPAA compliant cloud computing:
- The cloud need not really be sky-high for healthcare organizations, as long as the service provider enters an SLA or Service Level Agreement, which covers HIPAA compliance.
- Service providers will need to perform all the necessary due diligence to ensure compliance during migration and after. It is their responsibility to ensure that the cloud has been assessed against the HIPAA Security Rule and data is safe and secure.
- When implementing solutions, service providers should ensure system-wide firewalls which will cover software, hardware, and web apps, for HIPAA compliance.
- Service providers should ensure that the Virtual Private Network (VPN) is encrypted to ensure that applications running on a public network or cloud can still be managed as though it resides on a private network.
- Multi-factor authentication as a security check ensures that more than one form of authentication is in place.
- Finally, a secure sockets layer (SSL certificates) should be in place throughout the application, from where sensitive data can be accessed.
During the last 20 years, Trigent has partnered with Healthcare Providers and Healthcare ISVs to develop innovative solutions in the healthcare space such as Practice Management, Clinical Data Management, Patient Portals, Analytics & Reporting Solutions, and most importantly, Integration Solutions which are HL7 and HIPAA compliant.