HIPAA Compliant Clouds

August 3, 2012

What does the cloud bring to the table for healthcare organizations when it comes to data storage, availability, and ability to meet HIPAA compliance standards?

High-capacity storage without CapEx costs – The need for high-capacity storage and computing is high in the healthcare industry, with medical imaging producing large data files (X-rays, CAT scans, MRIs, etc.). A high-capacity HIPAA cloud can meet the needs of storage-intensive applications for healthcare companies that also need compliance. Cloud hosting can provide a viable solution without typical hardware requirements.

PHI availability and accessibility – The HIPAA Security Rule requires that protected health information be available, meaning "accessible and usable on demand by an authorized person" (HHS.gov). Hosting your data and applications with a third party requires trust in their ability to provide high-availability services so that your data is accessible whenever it is requested.

Cloud disaster recovery for PHI availability – In the event of a disaster, electronic PHI, or e-PHI, needs to be recoverable. The HIPAA Security Rule emphasizes the need to ensure the integrity of e-PHI, meaning that e-PHI "is not altered or destroyed in an unauthorized manner." Cloud-based disaster recovery can significantly improve your recovery time objectives and is more reliable than traditional disaster recovery methods, including tape backup.

Step closer to compliance – As a covered entity, you need to demonstrate and document compliance and the controls you have in place to achieve HIPAA compliance. An integral part of your compliance lies with the IT controls you have in place – if you partner with an audited, HIPAA compliant cloud provider, they already have the documented policies they can hand over to help you demonstrate your own company's compliance to the HHS/ONC. Business associates are also responsible for meeting compliance standards to prevent a data breach, as a recent case in which legal action was taken against a business associate exemplifies.

But how can you be sure they'll adhere to these controls when it comes to your data or applications in the cloud? Make sure you sign a business associate agreement (BAA) with your HIPAA hosting provider outlining their obligations and responsibilities to meet compliance.

Online Tech (www.OnlineTech.com) is the leader in secure and compliant hosting services including private cloud hosting, managed cloud hosting, hybrid cloud hosting, managed dedicated servers, disaster recovery and offsite backup services, and Michigan colocation. Online Tech's legacy of independent HIPAA compliant hosting, PCI, SAS 70 Type II, SSAE 16 Type II (SOC 1), SOC 2, and SOC 3 audits and reports ensures the security, privacy, and availability expected of a trusted service organization. For more information, call (877) 740-5028.