Note: This is blog 1 of 4 in our HIPAA series.
With identity theft on the rise, HIPAA compliance is becoming more vital than ever for businesses in the healthcare industry. The costs of violating HIPAA continue to increase; HIPAA non-compliance penalties went from $6.1 million in 2015 to $23.5 million in 2016. Experts predict they will continue to increase in 2017.
To assist with HIPAA compliance and to help protect against potential liabilities, the healthcare industry has been turning to the cloud for better security. In this first part of a four-part series, we’ll explore how the cloud is helping healthcare companies better address compliance with the HIPAA Security Rule.
How cloud computing plays a role in healthcare
The backstory to the healthcare industry’s HIPAA compliance strategy is healthcare’s migration to the cloud. The global cloud computing healthcare market stood at $4.5 billion at the end of 2016, and is on track to rise to nearly $6.8 billion by the end of 2018, according to projections by Transparency Market Research. Disaster recovery, data storage, and mobile health are the three biggest application needs driving healthcare’s cloud migration, according to TechTarget research.
The cloud’s ability to provide automated remote virtual backups makes it ideal for disaster recovery, enabling healthcare companies to have a secure backup offsite in the event of an on-site emergency. Meanwhile, the cloud’s scalability makes it suitable for storing the huge amounts of data that healthcare providers must manage. And the cloud’s connectivity to mobile devices makes it a perfect tool for delivering healthcare solutions to mobile device users.
What HIPAA compliance is all about
In conjunction with these applications, the healthcare industry is also using the cloud as a tool for HIPAA security compliance. The Health Insurance Portability and Accountability Act of 1996 established national privacy and security standards to protect healthcare patients. HIPAA’s Privacy Rule regulates standards for maintaining the confidentiality of certain healthcare information.
HIPAA’s Security Rule puts these privacy standards into effect by regulating standards for protecting health information stored in electronic form, known as electronic protected health information (e-PHI). HIPAA requires healthcare providers to maintain the confidentiality, integrity, and availability of all e-PHI they handle; to take reasonable steps to safeguard against anticipated security threats; to protect against impermissible uses or disclosures of information; and to ensure compliance by their workforce.
How HIPAA fits into the healthcare cloud
For companies seeking to comply with HIPAA’s security provision, the healthcare cloud serves as an improvement upon the security afforded by traditional on-premises data storage. Traditional on-premises storage is restricted by the space limitations of in-house IT equipment, which becomes impractical when terabytes of data are involved. On-site servers are also vulnerable to data loss if they become compromised or damaged in a disaster. On-premises servers further depend on in-house IT security teams, who typically handle security as part of a host of other IT duties.
Cloud servers address these disadvantages. Cloud usage can be scaled up to accommodate any amount of data, even if it overflows the capacity of in-house servers. Cloud servers are located off-site where data is automatically backed up in multiple locations, so that a data hack or on-site disaster will not result in data loss. And cloud providers have full-time dedicated security specialists, relieving healthcare providers of the need to rely solely on in-house IT teams for security.
An invaluable tool
As the healthcare industry migrates to the cloud, healthcare companies are finding the cloud an invaluable tool in their efforts to meet HIPAA compliance standards. The cloud makes it easier for healthcare companies to store large amounts of data, to back up stored data, and to keep stored data secure. We’ll explore how the cloud helps healthcare companies in their efforts to comply with a specific HIPAA provision in the next article in this series: Cloud Computing and Healthcare: Understanding the HIPAA Omnibus Rule.