
Factors that Cloud Service Providers Need to Address for Maintaining HIPAA Compliance
We constantly see that healthcare and insurance providers have to adhere to strict regulations to ensure the safety of consumers’ data. The introduction of the latest cloud technology services and the implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act have brought a significant transformation in the healthcare sector. The HITECH Act has made it compulsory for healthcare organizations to follow the guidelines laid down under the Health Insurance Portability and Accountability Act (HIPAA). As the number of health institutions depending on cloud services to reduce costs and infrastructure complexities has increased, healthcare IT executives face the daunting challenge of meeting the standards of HIPAA.
While working with cloud service providers, IT executives deal mainly with two types of obstacles with regard to meeting the HIPAA norms:
- Vendors that offer online managed cloud services are fully responsible for data protection, disaster recovery planning, systems redundancy and all general security practices required by HIPAA.
- Unmanaged cloud service providers need not fulfill all the requirements of HIPAA, as their clients are also held responsible for some of the data protection issues.
Identifying systems that need to meet HIPAA standards — Enabling service providers to identify which systems need to meet the standards set out by HIPAA is an integral step. Healthcare associations first need to identify all systems that deal with Protected Health Information (PHI). This helps them determine which systems need to be evaluated so that conformity with HIPAA privacy and security regulations can be established.
Factors that Cloud Service Providers need to Ensure:
Business Associate Agreement (BAA) — The first step towards ensuring that services provided by the healthcare and insurance providers are HIPAA-compliant is signing the Business Associate Agreement (BAA). Signing a BAA specifies that the supplier will comply with the HIPAA requirements to protect the privacy and security of PHI. It also gives an idea of what the supplier will do for the covered entity.
The location of the Data Center — Another factor in maintaining HIPAA compliance is that the cloud service provider must be able to show where the users’ data is stored at any point in time. This is important in the case of an audit, as the provider may be required to document the location of the data of all their clients.
Data Access Controls and Regulations — The cloud provider must be able to demonstrate a number of different systems and data access controls. During an audit, they might need to show how user access to critical data is both controlled and consistently maintained, with the data center, facility equipment, systems and customer data accessible solely to authorized individuals.
Data Encryption in Flight and at Rest — One of the critical components that cloud service providers need to ensure in keeping the data protected and HIPAA compliant is data encryption. Cloud service providers need to encrypt data in flight, at rest and during transmission via industry-standard SSL transmission. Service providers must also be able to continuously monitor the availability of systems, as well as compliance with the Service Level Agreement (SLA). They also need to ensure that the data is complete and correct through real-time data validation.
Ongoing Auditing and Reporting — In maintaining HIPAA compliance, a cloud service provider also needs to provide proof that the association conducts ongoing log and security reviews to ensure that the data, systems and environments are safe. These reviews can range from monthly engineering reviews to third-party audits or access reports.
Employee Access Controls — Service providers must also conduct thorough background checks of employees who have access to client data, in addition to conducting regular security reviews, as policies change over time. This is a very important factor, as it helps guard against unauthorized use of PHI.
Adherence to the above factors helps cloud service providers maintain HIPAA compliance. However, in an era where health policies and regulations keep changing constantly, the complexity associated with merely maintaining compliance doesn’t end here. Cloud service providers need to keep an eye out, as their responsibility is not only to maintain HIPAA compliance but also to avoid future data breaches.
