With all the benefits and buzz around the cloud, is the cloud HIPAA-ready? Can the healthcare industry use the benefits of the cloud without sacrificing the privacy of Protected Health Information (PHI)?
According to the HIPAA rule:
- It provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information
- A covered entity includes a Healthcare Provider (Doctors, Clinics, Dentists, etc.) who handles information in electronic form, a Healthcare Payer (Health Insurance companies, HMOs, Company Health plans, Government Health Plans – Medicare, Medicaid, etc.) and a Healthcare Clearinghouse, which includes entities that process non-standard health information they receive from another entity into a standard format, or vice versa.
- When a covered entity uses a contractor or other non-workforce member to perform “business associate” services or activities, the rule requires that the covered entity include certain protections for the information in a business associate agreement.
- The privacy rule protects all “individually identifiable health information (PHI)” held or transmitted by a covered entity or its business associate in any form or media.
A covered entity that wants to use the cloud to drive process efficiencies and cost savings in IT infrastructure needs to take the same care as it does with regular data center applications. The only difference now is that risks related to resources on the cloud are transferred to the cloud provider. In the case of cloud sourcing, your Cloud Service Provider is your business associate. As a covered entity, when you are dealing with PHI, you need to pass on the same compliance rules to the cloud provider in its business associate agreement.
Public cloud providers offer HIPAA-ready cloud services and virtual private clouds with service level agreements. Amazon AWS offers cloud services to the healthcare industry that are HIPAA compliant.
Private cloud is another option for taking advantage of advancements in cloud computing (automation, self-service and virtualization) behind the safety of your firewall on your own virtual private network. In the case of private clouds, you apply all your HIPAA rules to the cloud infrastructure the same way as in your data centers, but you get all the benefits of cloud computing.
IBM offers Smart Cloud solutions on cloud computing in all three areas: IaaS, PaaS and SaaS.
I believe Cloud gives additional efficiencies / cost savings to the healthcare industry by protecting PHI and assuring HIPAA.
A recent article I read on Amazon AWS states that they are offering cloud services for federal agencies to comply with high security requirements (like resources that need to be maintained by US citizens, etc.).
Also, cloud is becoming more secure than traditional data centers and personal computing devices.