Breaking Through the Fear of HIPAA Compliance and Security in the Cloud
According to Gartner Research, “security and compliance remain the most significant barriers to healthcare provider cloud adoption, followed by availability, performance and interoperability concerns.” Nonetheless, we believe that the healthcare industry is slowly overcoming its fear of the cloud as providers see the cloud as a means to help alleviate some industry pressures, cut costs, drive efficiencies and increase mobility.
Much of that is driven by the tidal wave of change affecting the healthcare industry. While trends such as the Internet of Things, a growing mobile workforce and increasingly strict compliance and security regulations have overwhelmed healthcare CIOs, they have also helped make them more receptive to using new technologies — particularly those like cloud that offer proven benefits.
Slow Adoption by Design
Historically, healthcare applications were designed to run on physical equipment, customized to very precise vendor specifications in order to guarantee performance and service level agreements. As virtualization increased in popularity, vendors increasingly tested, then approved their products to run on virtual platforms.
Whether virtual or physical, the infrastructure has to live somewhere. Today, with increased patient loads, hospitals are doing everything possible to make room for more patients. That includes outsourcing data centers and, subsequently infrastructure, to trusted partners with the caveat that they can also meet HIPAA requirements.
The cloud makes sense for healthcare organizations under pressure to deliver new applications that have the ability to improve patient care, as well as provide portals for patient education and wellness efforts. Leveraging cloud resources allows IT departments within these organizations to quickly spin up virtual servers, literally delivering them within minutes.
So What’s Next?
A growing number of healthcare businesses are test driving the cloud with financial, operational, human resources and other back office applications. However, engaging a cloud service provider (CSP) and migrating to the cloud requires choosing the right partner, careful planning and a well thought-out internal strategy.
As healthcare CIOs gain a better understanding of the benefits and challenges in cloud computing, they must commit resources to identifying clinical and business applications that may run more efficiently in the cloud. Careful planning among executives, the IT staff and relevant business partners must be established before considering a move to the cloud for production and/or disaster recovery. All key players should communicate and align so that everyone, from clinicians to executives, are on the same page and can leverage the cloud in a way that works across the entire organization.
After working together to create a cloud strategy, organizations can then seek a reputable CSP that demonstrates a full and complete understanding of protected health information (PHI) and HIPAA regulatory compliance. It’s important that the CSP sign a HIPAA Business Associate Agreement (BAA) to ensure it is protecting PHI in accordance with HIPAA guidelines. A reliable CSP will also have the experience and ability to meet increasingly demanding regulatory, privacy and security mandates.
One thing is certain, cloud computing is going to play an important role in how healthcare organizations will meet industry pressures, cuts costs, drive efficiencies and increase mobility. Partnering with the right CSP can make the transition to the cloud smooth, help healthcare organizations enjoy the benefits of the cloud and allow them to focus on what matters most – saving lives.
 Gartner Research, “Market Guide for Cloud Service Providers to Healthcare Delivery Organizations,” October 30, 2015