How to build HIPAA-Compliant Cloud Applications (Health Insurance Portability and Accountability Act)
The Health Insurance Portability and Accountability Act, enacted by the United States Congress in 1996 was created to protect health information coverage for employed people and their families when they become unemployed, either because they change their job or they lose it. According to the U.S. Department of Health & Human Services, HIPAA also includes Administrative Simplification provisions that require HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security.
With the growing interest of many healthcare organizations in terms of improving security, availability and data and apps performance, HIPAA compliance is slowing down the adoption of cloud computing in the healthcare industry. Federal programs determined the healthcare industry to use electronic health records, therefore the need for cloud storage has become essential. However, methods and processes are now available to ensure compliance for migrating the infrastructure to the cloud.
Any datacenter that has information about patients will have to conform with extremely strict criteria for data protection to be HIPAA certified, including specific training for employees who are allowed to access the protected data and governments audits.
A business associate agreement (BAA) with third-party vendor who access Protected Health Information (PHI) is necessary to ensure privacy and security requirements. A partnership with a HIPAA solutions provider that signs a BAA is an efficient method to make sure this this goes smoothly and everything is secure.
More and more cloud services launched by the IT industry to support HIPAA compliance are now available. For example, Verizon Enterprise Solutions has launched a new cloud service that enable health care providers to comply with the Health Insurance Portability and Accountability Act. NaviSite/TimeWarner along with other Enterprise Cloud hosting vendors also offer HIPAA compliant cloud solutions.
The number of data center providers that will be HIPAA certified will continue to increase in the future which will allow them to offer services to hospitals and medical practices.
By Rick Blaisdell