Verizon Launches Cloud Services to Support HIPAA Compliance

Verizon has launched new cloud applications to allow health care providers to meet federal requirements under the Health Insurance Portability and Accountability Act.

Verizon Enterprise Solutions has launched new cloud services that will enable health care providers to comply with the Health Insurance Portability and Accountability Act.

HIPAA provides guidelines on securely storing patient information. Announced Oct. 1, the new cloud services include Collocation, Managed Hosting, Enterprise Cloud, Enterprise Cloud Express Edition and Enterprise Cloud Private Edition.

Verizon's Enterprise Cloud platform includes a console called InfiniCenter, virtualization from VMware and a clustered computing architecture.

Enterprise Cloud Private Edition segregates the cloud tools and hypervisor for single tenancy, which allows health care providers to avoid potential performance issues from shared-tenancy services, according to Verizon. Enterprise Cloud Express Edition is a pay-as-you-go version for small practices, hospitals, or individual departments.

Verizon will offer a HIPAA business associate agreement (BAA) with each service, which guarantees that the patients' data is secure.

Under the HIPAA Privacy rule, doctors, health insurance providers and health care clearing-houses must include a BAA for documentation when seeking access to protected health information (PHI).

HIPAA has been an impediment to the growth of cloud computing in health care, as providers face hefty fines for data breaches, Dr. Peter Tippett, chief medical officer and vice president of Verizon's health care IT practice, told eWEEK.

"In the last two or three years, all kinds of fines have been levied, so HIPAA now has teeth," said Tippett.

Federal incentive programs have pushed the health care industry to use electronic health records, which create a need for cloud storage as well as privacy and security measures.

If a hospital will share data with a billing company in the cloud, that billing company must sign a BAA, Tippett noted.

Cloud services offload the cost and administrative burden that health care providers would face if they built their own data centers, according to Tippett.

Verizon Terremark's cloud computing centers in Miami and Culpeper, Va., will host the health care platforms. These facilities meet security controls such as PCI-DSS Level 1 Compliant Service Provider, ITIL v3-based best practices, and facility clearances up to Department of Defense, Top Secret, Verizon reported. Verizon announced its purchase of Terremark Jan. 27, 2011.

Use of colocation and hosting as well as infrastructure as a service (IaaS) has been slow to catch on in health care, Tippett noted.

"Essentially no one does IaaS with health care information because they can't figure out how they would possibly know if they're HIPAA-compliant," said Tippett.

"People [in health care] are very confused," he said. "It's very hard to conceive being compliant and using the cloud," he said. IT vendors have been unwilling to sign BAAs with hospitals, said Tippett.

"We'll sign the business associate agreements with those hospitals and insurance companies and so on, and we'll take our part of the liability if anything goes wrong," said Tippett.

To build the new cloud platforms, Verizon relied on the security experts in its Cybertrust group as well as the cloud infrastructure of its Terremark business. In addition, the company hired lawyers to see how to get their Terremark data centers to help health care providers meet HIPAA requirements in the cloud, said Tippett. The company then developed standards for risk assessment that could apply to Terremark.

Verizon says it’s one of the first top-tier vendors to offer cloud platforms for health care. Microsoft recently announced the availability of business associate agreements for its cloud platforms, including Azure Core Services and Office 365.