Page 18 - Delaware Medical Journal - November 2017
P. 18
Cloud Computing Services Can Reduce the Burden of HIPAA Compliance
Ryan T. Keating, Esq.
It seems that much of the world’s in the mythical “cloud.” Indeed,
cloud computing — the delivery of computing services over the Internet
— has grown exponentially over the last few years, led by tech-giants like Amazon, Google, Microsoft, Oracle, and IBM. Cloud computing services are becoming more attractive to business managers because, in some cases, they eliminate the expense of purchasing
the hardware, software, and IT services needed to maintain on-site computer include access to vast amounts of computing resources, and the ability to quickly add storage space.
For some businesses, particularly smaller enterprises, cloud computing may
offer an additional value: a reputable cloud service provider (CSP) possesses the tools and expertise to protect the of their electronic data. While some businesses have shied away from cloud services due to security concerns, leading data security experts have found that a large percentage of cloud security incidents were the customer’s fault.1
Fortunately for physicians, the U.S. Department of Health and Human enforces the Health Insurance Portability and Accountability Act of 1996
(HIPAA), has determined that health care providers may use a CSP to create, receive, maintain, or transmit electronic protected health information (ePHI).2 A health care provider cannot escape its legal obligations under HIPAA simply by utilizing the services of a CSP, but a CSP can serve as a compliance partner, shouldering some of the burden imposed by certain requirements set forth in the Security Standards for the Protection of Electronic Protected Health Information (also known as HIPAA’s Security Rule).
The Security Rule contains 18 mandatory safeguard standards and of which are intended to protect the
338 Del Med J | November 2017 | Vol. 89 | No. 11