Why Using the Cloud to Maintain HIPAA-Compliant IT Makes Sense

by Chris Preimesberger

Reduced Costs Related to IT Maintenance

When using a hosting provider, there is no need to maintain your own data. A managed hosting provider that is truly HIPAA-compliant will sign a Business Associate Agreement, provide core security services and conduct other essential monitoring and reporting tasks to ensure compliance with HIPAA regulations. Fixed monthly fees would enable you to instantly extend your IT department at a fraction of the cost it would take to buy the hardware up front and maintain the infrastructure and staff trained in HIPAA compliance.

Guaranteed Security and Compliance

The rapid pace of cloud computing adoption presents some obvious concerns around security and compliance. Companies should be able to view security and compliance as an added benefit, not a burden. This is achievable by engaging a reputable hosting provider that can actually improve your data security and compliance while providing a service-level guarantee on your security.

Advanced Data Encryption Support for Data in Transit, at Rest

Encryption should be a best practice for any security-conscious organization. The increase in cyber-threats and data theft presents a strong case for building an infrastructure that delivers strong computing performance without sacrificing data security. In fact, to meet HIPAA standards, data must be maintained in a manner that is unreadable, undecipherable and inaccessible to outside parties. This clause is usually addressed via encryption of data both while in transit and at rest.

Strong Virtual Networks Required

HIPAA-compliant providers include robust VPN capabilities and Secure Sockets Layer (SSL) encryption products for data in transit. Depending on your application architecture, knowledgeable providers will have experience in implementing products for encrypting application services, databases or file repositories on disk. Although encryption is not a 100 percent guarantee, it is an essential piece of a multi-layered, compliant defense because it ensures that data is protected even if accessed by unauthorized individuals.

Increased Physical Security in the Office

Ensuring security around the office is extremely important. This includes using employee badges, monitoring guests coming in and out, and locking file cabinets, for starters. Moving sensitive data to a secure hosted facility increases the safety of data from internal threats as hosting providers employ many safeguards to protect their customers' data.

Increased Security Inherent in Cloud-Service Data Centers

Health-care providers can restrict users from saving data to external drives and can prohibit the printing of protected documents. In addition, data centers are protected by a number of layers of security, including multiple levels of electronic building and facility access secured by magnetic locks, 24/7 on-site personnel, monitored and recorded closed-circuit cameras, mantraps and mandatory identity logging of all outside visitors.

Off-Site Backups, Disaster Recovery Services

Highly available private cloud environments have redundancy built in, and compute resources are not shared with other customers' environments, which eliminates potential security risks. This setup integrates multiple types of backups in the event of an emergency, such as a natural disaster. Local backups are placed on a secondary disk within the data center and are available for fast data recovery. The data is also spun off to tape and sent to a facility outside the data center, addressing the off-site storage clause within the HIPAA regulations. If a disaster occurs that renders the data center unusable, the backups can be sent to another data center location.

Audit/Assessment Support

Any company handling PHI or working with electronic medical records (EMR) is required to go through an annual HIPAA assessment, which ensures all proper safeguards are in place and up to industry standards. The assessment preparation process is extensive and requires strong data center expertise and experience in the health care IT space. Outsourcing this task can help free up resources to focus on growing the business as opposed to worrying about compliance and data center operations. Ideally, a chosen provider would have a dedicated compliance team to assist customers (and their customers) with completing compliance-related documentation.
