Seeing a huge opportunity in the $3 trillion healthcare market, support from cloud service providers and other cloud vendors is widening for HIPAA (Health Insurance Portability and Accountability Act) compliance.
In January, the Department of Health and Human Services issued its “final rule” to modify HIPAA. Because the healthcare industry is a prime target for identity and data breaches, the final rule is intended to improve patient’s privacy protections, provide individuals new rights to their health information, and strengthen the government’s ability to enforce the law.
The intent is to extend HIPAA’s legal liability beyond just “Covered Entities,” which is typically the originating source of our Personal Health Information (PHI), Forbes contributor Dan Munro explained in a recent article.
“Business Associates aren’t required to sign an Agreement – but HIPAA and the Final Rule clarifies the legal and financial liabilities in every direction for failure to do so,” wrote Munro. “As it relates to Cloud Service Providers, Health and Human Services (through their enforcement arm – the Office for Civil Rights) is making the importance of the Business Associate Agreement crystal clear, citing language from David Holtzman of the Information Privacy Division of the Office for Civil Rights.
“If you use a cloud service, it should be your Business Associate. If they refuse to sign a Business Associate Agreement, don’t use the cloud service,” according to Holtzman.
Since the final rule, CSPs that contract directly with healthcare providers are coming out to declare their HIPAA compliance efforts. One such example is cloud storage provider Box, which recently announced the company complies with both HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
In addition, Microsoft has updated its existing HIPAA BAAs to coincide with the new regulatory language in the final omnibus HIPAA regulation.
With more cloud service providers offering HIPAA-specific compliant solutions, healthcare businesses should verify that their chosen cloud service provider is in fact HIPAA compliant before signing up for the service, advises Scott Good, IaaS product manager at Savvisdirect.
A recent study by the firm Markets and Markets indicates that the healthcare cloud computing market, which is only currently about 4 percent of the industry, is expected to grow to nearly $5.4 billion by 2017.
Edited by
Stefania Viscusi
