Choosing The Right HIPAA Compliant Server Cloud Solution
With so many companies receiving fines for HIPAA compliance infractions due to data breaches, it's important to have a HIPAA compliant server. HIPAA and the HITECH Act help to ensure that companies protect personal health information (PHI) in both physical and electronic (ePHI) forms. Additionally, there is an ever-growing area of add-on services such as HIPAA compliant cloud storage, CRM, and cloud backups that are maintained by business associates instead of in-house. Find out how HIPAA and HITECH affect the compliance of these services and of the servers they run on:
HIPAA Compliant Servers And Related Terms
A HIPAA compliant server is one that adheres to HIPAA rules and standards. As the cloud has grown, companies now turn to outside parties to maintain server-related software such as HIPAA compliant messaging, HIPAA compliant CRMs, and HIPAA compliant cloud backups. These outside parties are known as business associates (BAs) within HIPAA terminology. A BA signs a Business Associate Agreement (BAA), a contract that commits the BA to HIPAA compliance and gives the receiving party (the company using the BA's services) that assurance in writing.
Best Practices When Choosing Any HIPAA Compliant Cloud Solution
Any cloud service that a healthcare company uses should make use of a HIPAA compliant server. While HIPAA has not strictly defined how this compliance should be implemented, there are some best practices and questions you'll want to ask any potential cloud service provider:
- Use cloud providers that explicitly state they are HIPAA compliant. Dig into this further, though, as each cloud provider will have its own interpretation of what being HIPAA compliant means.
- Ask cloud providers to describe their current security measures and how they handle security breaches. At a minimum, any service provider should encrypt data, but it's important to know how this data is moved around and why. Is the cloud provider unnecessarily moving data around and creating potential points of exposure?
- Customize any cloud provider engagement to your needs. A service provider should be able to adhere to your policies, business associate agreement, service level agreement, and other contracts. If not, the provider may not be a fit for your required security measures. It's better to get everything you need out of any agreement rather than compromising security and potentially violating HIPAA.
HHS.gov has also published a Guidance on HIPAA & Cloud Computing, which clarifies the responsibilities of covered entities, cloud service providers, and business associates. It's your roadmap to compliance for ePHI.
In addition to the above, HIPAA standards require the following:
- Access control
- Audit controls
- Person or entity authentication
- Transmission security
- Workstation security
- Device and media controls
- Security management process
Depending on the services offered by a HIPAA compliant server cloud solution and how deeply it is integrated into your environment, you'll also want to go through this checklist with the provider to ensure each item is covered.
The Consequences of Not Complying With HIPAA Requirements
Non-compliant cloud providers may be cheaper, but the risks of ignoring HIPAA requirements are far too high for healthcare providers. Non-compliant cloud providers do not have the security measures needed to ensure ePHI is protected, leading to a higher chance of a data breach or hack.
It's important to point out that a data breach isn't required to violate HIPAA requirements. In 2015, a Massachusetts hospital was fined $218k for using a cloud-based file sharing service and violating HIPAA requirements, as reported by HealthcareITNews.com.
Health Care Law Blog reported that HHS’s Office for Civil Rights stated, "Organizations must pay particular attention to HIPAA's requirements when using internet-based document sharing applications."
Choosing the right cloud provider is certainly critical in avoiding fines and negative press. With so many items to check off, how can you be sure everything about a provider is compliant? Fortunately, there are experts who can help you navigate HIPAA compliance.
Choosing The Right Cloud Service Provider
When it comes to security, 8x8 provides reliable and compliant cloud solutions at a demanding level rarely matched by other cloud providers. Don't take your chances with a subpar cloud-based telecom system. Call 1-866-879-8647 or fill out our online form to request a no-obligation quote from an 8x8 Product Specialist.