By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author
Cloud Hosting & HIPAA Compliance
When you think of trends in healthcare, what comes to mind? Maybe it’s a particular EMR system, new machines in the office, ways in which you communicate with patients… the list goes on. One thing is for sure when we think about all the ways that healthcare has changed over the years; technology has been a driving force behind the possibilities that once seemed incomprehensible.
Of the many technological advancements we’ve seen over the years, cloud-based solutions have become increasingly popular, and a trend that won’t be going away anytime soon. And, like with most things in healthcare, HIPAA plays a key role in ensuring the solutions and technology you’re using are up to par in terms of the safeguards set up to protect your patients and their information.
So, what should you look for when choosing a HIPAA-compliant cloud hosting solution for your business? You need to find something that fits your needs as well as protects the private health information of your patients.
Let’s look at some of the features you’ll need to address when working with a cloud-based vendor.
- Service Level Agreement – what is the uptime that your provider includes should an outage occur? In any business, time is money, but in healthcare, it can mean life or death.
- Virtual Private Network – encryption is critical to maintaining HIPAA compliance and a strong VPN is necessary to protect data while in transmission. Make sure that encryption at rest is part of the offering.
- Secure Socket Layer – ensure that you have SSL certificates on all servers, domains, and subdomains of your environment that contain PHI.
- Environment – The environment that contains the electronic PHI of your patients should be separate from other customers that are part of your provider’s clientele. In other words, your patient data needs to be on its own private segment that is not shared.
- Business Associate Agreement (BAA) – while it does not entirely remove any liability of the vendor, anyone that you work with should be able to provide you with a BAA that outlines and defines their role in protecting PHI. BAAs are also a requirement under HIPAA.
- Multi-Factor Authentication – having a second form of authentication to access accounts acts as an additional layer of security to help to protect unauthorized access to your information.
- Cybersecurity – anti-malware and protection against viruses are critical to all businesses ’ health and success.
Once you’ve determined whether the application, vendor, or hardware is a fit for your business, use this checklist to help you to determine if they will also do what is necessary to keep you in good standing with HIPAA compliance.
If you have questions on cloud security, or securing any of your technology, working with your IT provider is a great way to ensure appropriate measures are being taken to meet compliance requirements and to protect the data you’re trusted with.
This article was originally published on HIPAA Secure Now! and is republished here with permission.