Skip to main content

Customer Experience and Design

Microsoft steps up to the HIPAA Compliance challenge in the Cloud

Prior to HIMSS 2011, I blogged about the 3 reasons for using a Managed Private Cloud for Interoperability. In that blog, I noted that in healthcare circles, cloud computing conjures up fears for protecting private healthcare information and security compliance concerns. In the last few weeks, Microsoft has introduced support for HIPAA compliance in their cloud platform called Windows Azure. Microsoft will work with healthcare customers to comply with their own specific requirements and put in place a comprehensive compliance framework to meet HIPAA guidelines and secure a BAA for storing healthcare data in the cloud. Microsoft is committed to providing Windows Azure customers with detailed information about their security compliance programs to help customers make their own regulatory assessments, but they opened the door for building a new class of healthcare applications in the Azure cloud.

HIPAA and the HITECH Act are United States laws that apply to healthcare entities with access to patient information (called Protected Health Information, or PHI). In many circumstances, for a covered healthcare company to use a cloud service like Windows Azure, the service provider must agree in a written agreement to adhere to certain security and privacy provisions set forth in HIPAA and the HITECH Act. To help customers comply with HIPAA and the HITECH Act, Microsoft now offers Enterprise Agreement (volume licensing) customers a BAA as a contract addendum.

Microsoft Windows Azure offers the HIPAA BAA for the following core features:

* Cloud Services (Web and Worker roles)

* Storage (Tables, Blobs, Queues)

* Virtual Machines (Infrastructure-as-a-Service)

* Networking (Windows Azure Connect, Traffic Manager, and Virtual Network)

To read more of the specifics: http://www.windowsazure.com/en-us/support/trust-center/compliance/

As I noted in the earlier blog, the business case for cloud computing for healthcare includes cost reduction, the ability to scale, and better utilization of IT resources. One example of a cost savings with Windows Azure is the ability to set-up development and test environments for developing with Microsoft SQL Server for applications. If your organization wants to test drive or prototype, this new secure cloud is a good choice and can be rapidly implemented – no wait on new hardware or software.

Clearly, the best application for the use of a HIPAA compliant Azure cloud is system integration and interoperability. If your organization needs a clinical data repository shared across multiple care settings including hospitals, physician practices and skilled nursing facilities, Microsoft Azure is a good choice for a low cost place to store and share information to support that HIE goal. A simple SQL Server application that manages patients across multiple care settings for patient safety is also enabled by this secure environment. Another good idea is using Windows Azure for creating an enterprise view of regulatory reporting information by facility, enabling shared business intelligence and analysis. The connections to the various units of the organization from Windows Azure cloud would be secure, private and, yet, always available. The burden of the infrastructure provisioning and day-to-day management of the environments wouldn’t fall on the largest hospital or organizational unit.

In summary, the Microsoft should be congratulated on stepping up to the HIPAA compliance issue with Windows Azure and it should encourage other cloud vendors to consider what that means if they want healthcare customers. A highly secure cloud platform is a prime time idea for healthcare and due to its design can address the security, compliance and other cloud concerns while delivering cost reductions, the ability to scale, and better utilization of IT resources. Interoperability projects, especially HIEs, have a great affinity for the cloud computing model both technically and from a risk/reward perspective. In this drive to Accountable Care Organizations, a strong interoperability backbone will be a key to success.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Martin Sizemore

Enterprise Architect with specialized skills in Enterprise Application Integration (EAI) and Service Oriented Architecture (SOA). Consultant and a trusted advisor to Chief Executive Officers, COOs, CIOs and senior managers for global multi-national companies and healthcare organizations. Deep industry experience as a consultant in manufacturing, healthcare and financial services industries. Broad knowledge of IBM hardware and software offerings with numerous certifications and recognitions from IBM including On-Demand Computing and SOA Advisor. Experienced with Microsoft general software products and architecture, including Sharepoint and SQL Server. Deep technical skills in system integration, system and software selection, data architecture, data warehousing and infrastructure design including virtualization.

More from this Author

Follow Us
TwitterLinkedinFacebookYoutubeInstagram