Introduction to HIPAA Compliant Cloud Storage

Using the cloud for storing files requires HIPAA compliant cloud storage. The establishment of the HIPAA in 1996, and the subsequent establishment of the HITECH Act in 2009, requires healthcare providers to implement particular safeguards with respect to the protection of electronic HIPAA Compliant Hosting Providers (HCHPs) to maintain and disseminate their healthcare data and information. The choice of HCHPs is as varied as the types of services that they provide. Some HCHPs process healthcare data and information on managed servers while others take advantage of cloud servers.

Cloud computing is a relatively new concept for data storage and manipulation that provides easy access to data that is synchronized across multiple devices. This type of easy access to synchronized data poses challenges for HCHPs who claim to be HIPAA compliant. The HIPAA requires all business associates (BAs) of health care providers, including HCHPs, to sign a BAA that stipulates that they will abide by the rules and standards governing the HIPAA.

There are questions as to whether HIPAA Compliant Cloud Storage providers are able to protect and secure data as required by the HIPAA regulations. Since 2009, the Department of Health and Human Services (HHS), the governing body for the HIPAA, has listed breaches of healthcare information when breaches affect more than 500 individuals. As of 2011, the most common breaches listed (63%) resulted from physical theft and the loss of physical items. In most instances, the compromise was due to negligence or theft of persons in the health care industry. Paper records and portable devices, such as hard drives, removable drives and laptops, were the most vulnerable to breach.

Preliminary Indications of Sources of Breach

Since cloud computing eliminates the need to store health information on such devices, many argue that HIPAA Cloud Storage may be a safe alternative to on-premise data storage. Using the data from 2011, the HHS created seven categories of breach for electronic medical records (EMRs), and each of the seven categories involved breaches of systems that were on-premise, such as lost hard drives or hard drives stolen from employees. While most breaches were due to negligence, that is one area of vulnerability that may be overcome by HIPAA training and certification programs.

It was not clear what percentage of breached healthcare providers used cloud storage methods, but the types of physical devices that were identified as most vulnerable to compromise are not necessary for HIPAA Cloud Storage. Cloud storage implies that data is stored on servers and accessed through the Internet. The 2011 data shows that 16% of all breaches were due to unauthorized access or disclosure and only 6% were due to hacking or otherwise manipulating software and servers. Certainly, as more healthcare companies move data storage to the cloud, more breaches are possible.

Look Beyond Advertisements and BAAs

Since covered entities (CEs) have the responsibility to protect and secure health information whether they implement their own system or outsource health data processing, CEs must assess how well a chosen provider meets compliance requirements. In addition to implementing methods to protect and secure information, the HIPAA requires CEs to document the methods put in place and to provide a rationale for adopting those particular methods. CEs should outsource to providers who advertise themselves as HIPAA Compliant Cloud Storage providers and who are also willing to sign a required HIPAA Business Associate Agreement (BAA). Even then, the responsibility falls upon a CE to engage some method of risk analysis to ensure that a chosen cloud storage provider is compliant with all of the requirements of HIPAA.

Challenges of Implementing Risk Analyses

In cases where a chosen provider advertises that it has implemented a system of risk analysis to address the requirements, a covered entity cannot rely solely upon that advertisement. CEs should establish a checklist of requirements that they may seek of providers. A CE must provide documentation relative to his or her particular use of the data, which means knowing more about a provider's HIPAA Cloud Storage than most cloud storage providers are willing to disclose.

For example, the encryption of data has been identified as a best practice and most HIPAA Compliant Cloud Storage providers will have an encryption method in place, but CEs may not be able to document the type of encryption being used if it is the cloud storage provider's proprietary information. As such, CEs may need to devise a method of encryption that is compatible with their cloud storage provider's encryption methods. The auditing of access and attempted access to outsourced data storage is another area of concern when it comes to the documentation of practices.