
Are you on Cloud 9?
According to ClearDATA, there are seven top areas that health businesses need to have firmly in place for HIPAA compliance in the Cloud. These topics include using the public Cloud “in several key ways” to improve patients’ care and ensure PHI safety.
1) Encryption
Do you know that the health industry is a go-to destination for hackers? Health records contain the most complete and accurate personal health information (PHI). Currently, there are concerted efforts to ensure PHI is safe and secure in the Cloud.
“Data encryption has become so important that enterprises like Google (GCP), Microsoft Azure and Amazon (AWS) already encrypt most of their health care related services.”
2) Redundancy
How do you handle Disaster Recovery? Would you lose your patient data, or could it be hacked in the event of a natural disaster? Hurricanes, tornadoes, floods, or fires can and will happen. Most cloud providers have methods for securely moving and storing your data, including across multiple public cloud zones and different geographic regions.
Redundancy means keeping copies of your data in multiple server locations, so the data is still there if one location is lost. This supports HIPAA compliance in the Cloud.
3) Transportation
Is your data safe during transportation? As reported by ClearDATA, “Human error during data transportation is often responsible for compromising data encryption.” Some cloud services offer physical and online data movement.
Protect your clients by using reputable resources to move large and small amounts of data to and from the Cloud. You should always have business associate agreements (BAAs) in place with your contractors to cover your HIPAA responsibilities. This includes encryption of any PHI they access.
4) Testing
Ever heard of penetration testing, vulnerability scanning, and intrusion prevention? Your Risk Management advisor or IT Security resources can help you check for any data problems.
Testing means getting ahead and establishing solutions that keep your data processes safe. There are several third-party testing resources for cloud data safety, and audits are also a good way to keep track of your PHI security.
5) Hardening
What is data hardening, and how does it help you? Think of it in terms of physical security. A castle was built with only one entrance and no windows on the outer wall. A building with only one door and no windows, much like a storage building, is also more secure, because there are fewer ways to reach the assets inside its walls.
In terms of data, hardening means reducing the number of ways that your PHI can be accessed, which reduces the overall risk to that asset. If you have proven, tested, and monitored systems that deploy new data with the same utilities and processes used “to control standards and follow protocols,” you can be assured your data is consistent, organized, and securely stored, protecting your PHI.
6) General Security and Access Management
Any health business must restrict access to its PHI, including permissions control for staff or anyone else who has access to the data. What do you have in place to monitor login accounts and staff access to PHI? If someone leaves your business, is their data access automatically changed? Be sure you also have systems to ensure the safety of your data in cases of human error.
7) Logging
We are not talking about “logging into” a system here but rather keeping track of everything that happens within an environment that contains your PHI. Keeping logs that record all activity occurring within your network and your Cloud storage helps keep your data safe from people, natural disasters and any other possible breaches or losses of your PHI.
Monitor your data regularly and you will be one step closer to HIPAA data compliance.
EHR HIPAA Compliance
If you’re considering an EHR to help you maintain HIPAA compliance in the Cloud, or are concerned about compliance when using one, be sure to ask your EHR vendor about the items listed above. Your EHR provider should offer solid compliance protocols, along with support for ensuring your agency’s practices within the system are secure.
