With the advent of the Affordable Care Act, healthcare organizations that were already doing more with less are now being asked to further streamline operations and cut expenses. Faced with high patient demand, reduced reimbursements and an explosion of medical data, they are viewing cloud services as a viable means of gaining financial and operational efficiency. Yet while many healthcare providers recognize the benefits of cloud-based solutions, concerns around maintaining HIPAA compliance while effectively safeguarding protected health information (PHI) remain.
To help healthcare organizations confidently shift to the cloud, compliant cloud expert and HOSTING Chief Information Security Officer Johan Hybinette recently answered the top six HIPAA compliant hosting questions healthcare organizations need to understand before moving to the cloud. Following is a brief overview of Johan’s insights. You can download his complete Q&A here.
1) What are some of the key factors driving healthcare organizations to adopt HIPAA-compliant hosting services?
Industry consolidation and the emergence of a “data tsunami” are two recent events that are spurring healthcare organizations to invest in HIPAA-compliant hosting services. The nation’s biggest health insurers are currently in a game of musical chairs, eyeing each other as possible acquisition targets. Earlier this month, Aetna agreed to pay $37 billion to acquire Humana. According to the Wall Street Journal, this recent flurry of merger talks reflects health insurers’ ongoing efforts to diversify and cut costs in response to the Affordable Care Act. As a result, larger organizations are being tasked with consolidating enormous volumes of data, including medical records.
Additionally, the healthcare industry is facing a “data tsunami,” marked by an unprecedented increase in medical data. IDC estimates that the amount of healthcare data will reach approximately 2,314 exabytes in 2020 – up from 153 exabytes in 2013. As mobile health and telehealth gain acceptance, the volume of medical data will continue to increase exponentially – as will the need to find secure, HIPAA-compliant hosting solutions to store all this data.
2) How are cloud service providers addressing HIPAA compliance regulations on behalf of healthcare organizations?
Healthcare organizations cite “willingness to sign a BAA” as their top consideration when evaluating cloud service providers (CSPs). Yet many CSPs refuse to sign a BAA that requires them to assume liability for breaches that may occur around PHI. Others offer up a BAA filled with vague terms and “secret outs” that absolve them of any responsibility. Before engaging with any CSP, healthcare organizations must ask for and carefully review their BAA.
HOSTING is one of the few compliant cloud hosting providers that readily signs BAAs with healthcare organizations as standard practice. As a trusted partner to nearly 200 healthcare organizations, HOSTING assumes the compliance burden through the infrastructure that we manage as well as our clients’ applications. This level of commitment provides our customers with peace of mind knowing that their sensitive patient data is secure and always available.
HOSTING is also one of the first cloud service providers to offer managed compliance services for healthcare organizations. Developed and tested by our team of certified security and compliance experts, HOSTING Security and Compliance Services™ empowers companies to manage and monitor their activities related to HIPAA, HITECH and PCI regulations.
Finally, HOSTING supports its healthcare clients with 100% Audit Assurance™ across our cloud solutions and data centers.
3) How can healthcare organizations prepare for the cloud?
Many organizations rely on fragmented in-house IT teams that don’t work together on a regular basis. In some cases, they don’t have the necessary experience to migrate their technology assets or manage their cloud environment. To be successful in the cloud, healthcare organizations need to first be virtualized and then be prepared to redeploy their existing IT resources.
Healthcare organizations also need to conduct a significant amount of due diligence regarding how a cloud solution can meet their overall business strategy. By taking the time to review their technical and business requirements, and reaching out to peers who have migrated to the cloud, healthcare organizations can come up with a precise list of requirements to drive a successful engagement.
Need assistance in planning your migration to a HIPAA-compliant hosting environment? Johan and his dedicated team of information security and compliance experts stand ready to help. Contact them anytime to discuss your specific needs. And download Johan’s full Q&A here for more insights.