When government regulations meet emerging technologies, it can be confusing for those responsible for adhering to the new guidelines. Records managers may find affordable solutions using HIPAA compliant cloud storage, but have no idea what that entails.
HIPAA guidelines require patient privacy and security of records. The Health Insurance Portability and Accountability Act of 1996 outlines these requirements. Privacy concerns are an issue for records that cannot be physically secured, since cloud storage is shared by a wide range of users.
HIPAA Requirements and Cloud Storage
The Department of Health and Human Services (HHS) has determined that cloud storage is an acceptable form of medical and billing record storage. However, it offers several cautions. Entities required to observe HIPAA rules can obtain cloud storage services, but only with a HIPAA-compliant provider and under a business associate contract (or BAA). It also advises that users wisely consider the risks and take into account:
- System infrastructure and reliability
- Data recovery and backup services in case of ransomware and system failures
- Providers must return data to the users at the end of the contract
- Security services including malware protection and protection from outside hacking
- Whether or not the storage provided adheres to the use, retention, and limits to disclosure as required by law
Advantages to HIPAA Compliant Cloud Storage
There are many advantages to cloud storage services for healthcare providers, despite concerns for privacy and security. Vital medical records are available from any device and at any location. Consequently, many busy health care practitioners who work at several locations appreciate the ability to download records on location.
The accessibility of cloud vs. portable storage devices also makes the former a superior choice. Although portable storage seems like the cheaper option, care providers frequently lose these devices. Magnetic storage corrupts easily in transit, and moisture and dust corrupt digital storage. In addition, transit time could take days when patients are traveling or relocated.
- First of all, it provides the seamless exchange of data between practitioners and organizations. Practitioners can easily share records with referral providers and from office to office.
- Health organizations can provide a fast exchange of data to insurance companies. This expedites payment for services rendered as well as the tedious process of getting services approved.
- Technology updates are performed by professionals. Updates to software are timely and frequent, and bugs in the software are rooted out by trained IT technicians.
- Provides central storage in case of disasters. As seen after a number of disasters in the last 20 years, cloud storage protects critical patient data by remaining offsite and unaffected by fire or flood.
- Almost always, cloud storage frees up space. No more halls of file folders taking up space that could be put to more efficient and lucrative use.
Risks That Determine Cloud Storage Security Needs
HIPAA’s Privacy Rule attempts to balance the need-to-know accessibility of patient data with the patient’s right to privacy. Because identity theft and fraud are running rampant throughout many major corporations’ databases, personal identification data like social security numbers and phone numbers increase the risk of security breaches.
Services That Provide HIPAA Compliant Cloud Storage
The number of healthcare organizations converting to cloud storage is increasing. Consequently, tech companies are responding and expanding to meet the need for secure, compliant, off-site medical records storage.
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted in 2009, determines who must comply with HIPAA. This regulation requires that any service providers with access to patient data are responsible for maintaining security. Furthermore, they must also meet the privacy requirements of the HIPAA guidelines. This means that cloud storage service providers must be willing to sign a business associate agreement (BAA). In addition, they’re responsible for maintaining that compliance.
Here’s a breakdown of some of the most popular providers of HIPAA compliant cloud storage:
AWS HIPAA compliance
Amazon has its toes in everything, including web and cloud storage services. With pay-on-demand services ranging from computing, storage, database hosting, and networking, Amazon offers several levels of cloud storage. The company offers guidance for using their affordable S3 simple cloud services for HIPAA compliance, and they will also sign a BAA agreement.
Is Dropbox HIPAA compliant?
Dropbox has been a bit slow on the uptake for HIPAA compliance in the past, but it does now provide the security and BAA contract required. As one of the most popular cloud storage and file sharing service sites, Dropbox jumped on the HIPAA movement in 2015 and has a walk-through guide for clients to make the process of setting up much easier.
What about Google Cloud storage?
Google Drive provides super cloud storage as part of the G Suite of programs. It’s easy, and most users are familiar with the navigation. PC Magazine gives it its highest rating, and Google well knows the requirements. Furthermore, the company is happy to supply and sign a BAA contract with users. Google offers a handy guide for users to set up HIPAA compliant cloud storage.
Is Microsoft OneDrive HIPAA compliant?
Microsoft will sign a BAA contract with clients, and it covers most of their online business services as well. Office 365 users find it meets their needs of HIPAA compliance. Office 365 users can access Microsoft’s HIPAA compliance policies and an FAQ online.
Is Box.com compliant with HIPAA requirements?
Box.com has been in the cloud storage business for a number of years. However, it hasn’t seen the surge of popularity that better-known brands like Dropbox and Google Drive have. They are HIPAA and HITECH compliant and will sign a BAA contract. However, customers do the necessary configuring of the service to meet these requirements. Box boasts that a third-party auditor has evaluated their services. Additionally, Box.com met all HITECH standards for security. Box offers guidance for healthcare records storage online using their services.
Carbonite cloud storage HIPAA compliance
Carbonite is one of the higher-end cloud storage companies and is a HIPAA compliant cloud storage option that also meets HITECH requirements. Most noteworthy, the company boasts that it’s even compliant with the most stringent requirements, including the Massachusetts Data Security Regulation. They will happily sign a BAA agreement. Carbonite users can find more details from the company about their services online at their website.
Cloud storage for medical records allows healthcare providers to respond to patient issues quickly. Health care workers access medical records instantaneously from anywhere with their device with cloud storage capability. There are a number of affordable options that are HIPAA compliant. Make sure the company takes their obligation seriously and check their amenability to signing a BAA. Health care organizations should feel secure knowing there are a number of HIPAA compliant cloud storage providers available.