{"id":2034,"date":"2013-02-07T02:15:30","date_gmt":"2013-02-07T02:15:30","guid":{"rendered":"https:\/\/www.empowerbpo.com\/blog\/?p=2034"},"modified":"2023-02-07T10:14:12","modified_gmt":"2023-02-07T10:14:12","slug":"does-the-cloud-provide-an-easier-route-to-hipaa-compliance-2","status":"publish","type":"post","link":"https:\/\/www.empowerelearning.com\/blog\/does-the-cloud-provide-an-easier-route-to-hipaa-compliance-2\/","title":{"rendered":"Does the cloud provide an easier route to HIPAA compliance?"},"content":{"rendered":"

Within the healthcare community, the cloud has been perceived as a double-edged sword. On one side, the cloud represents a cost-effective solution to the problem of affording the capacity to store and analyze massive amounts of data; on the other, it presents concerns about remaining compliant with\u00a0HIPAA Training\u00a0<\/a>while making strategic use of cloud services, especially following the publishing of the HIPAA omnibus rule last month. But is this apprehension warranted? And could it potentially being doing more harm than good for covered entities on the fence about migrating to the cloud?<\/p>\n

\u201cWe sort of lead with BAA conversation because people are not even interested in talking at all without one,\u201d says David Rocamora, Vice President of Development Operations for Control Group, about the increased interest of covered entities to sign\u00a0business associate\u00a0agreements<\/a> when working with cloud-services providers. \u201cThe BAA opens a lot of the doors, but when we really start getting down to work, most of the people who end up moving to the cloud decide that the BAA thing isn\u2019t an issue for them anymore because they find ways to resolve it.\u201d<\/div>\n
<\/div>\n
Given that the HIPAA omnibus rule tightens responsibilities for those working with\u00a0protected health information<\/a>\u00a0and increases penalties for covered entities and business associates who fail to remain compliant, misconceptions about the cloud may prevent healthcare organizations and providers from considering what could in reality be a sound decision in terms of both finances and compliance.<\/div>\n
<\/div>\n

According to Rocamora, the cloud should prove a valuable resource for two reasons. \u201cThose kinds of things have changed people\u2019s perceptions of whether or not cloud computing is appropriate for healthcare data,\u201d he argues.<\/p>\n

The first is the reduction of potential health data breaches:<\/p>\n

When you look at the number of patients affected by a breach, most of the time it was because of physical theft or loss of real infrastructure \u2014 someone loses a laptop in a cab or something like that. That\u2019s a huge win for cloud computing because we can rely on someone who has physical security policies like Amazon where they\u2019ll publish all of the things that they can do to their data centers. That\u2019s above and beyond what a lot of clients running their own infrastructure can do.<\/p><\/blockquote>\n

The second is the ability to monitor their security and privacy infrastructure more easily through automation:<\/p>\n

When we build infrastructure, we\u2019re basically writing programs that automate the infrastructure. My team writes the automation of this infrastructure as code and we also write tests to prove that we\u2019re doing actually what we\u2019re doing. So we can go to someone and say, \u201cYour infrastructure is working exactly the way it was designed or it\u2019s not because someone changed it and let\u2019s figure out why.\u201d Suddenly these tools give businesses a lot more visibility into what\u2019s going on with their infrastructure or why things are changing.<\/p><\/blockquote>\n

Considering the emphasis the HIPAA omnibus rule places on breach notifications and the factors used to assess the risk to PHI mitigated by covered entities, the documentation provided by cloud-services developers detailing their systems and processes should make the challenge of both remaining\u00a0HIPAA Compliance<\/a>\u00a0and cost-efficient less burdensome moving forward.<\/p>\n

\u201cThe tests that we\u2019re writing are readable in plain English and definable by the business. They can see exactly what they\u2019re doing \u2014 what\u2019s out of compliance or in compliance \u2014 and make decisions like that,\u201d explains Rocamora. \u201cIt has helped people who are not technical visibility into what really is happening on the technical side of things, which is helpful to increasing efficiencies in any kind of organization.\u201d<\/p>\n

With less than a month having passed since the publishing of the HIPAA omnibus rule, healthcare organizations and providers are still making sense of what the final ruling means their business practices and organizational workflows. And with little more than six months remaining until covered entities and their partners are required to be compliant, further understanding of the implications of the ruling will push organizations to revisit the idea of migrating to the cloud.<\/p>\n","protected":false},"excerpt":{"rendered":"

Within the healthcare community, the cloud has been perceived as a double-edged sword. On one side, the cloud represents a cost-effective solution to the problem of affording the capacity to store and analyze massive amounts of data; on the other, it presents concerns about remaining compliant with\u00a0HIPAA Training\u00a0while making strategic use of cloud services, especially […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[12,27,28,37],"class_list":["post-2034","post","type-post","status-publish","format-standard","hentry","category-hipaa","tag-elearning","tag-hipaa-compliance","tag-hipaa-compliance-training","tag-security-compliance"],"_links":{"self":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/2034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/comments?post=2034"}],"version-history":[{"count":0,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/2034\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/media?parent=2034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/categories?post=2034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/tags?post=2034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}