Healing America Through Innovation in Healthcare

Healthcare Innovation Journal

Subscribe to Healthcare Innovation Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Healthcare Innovation Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Healthcare Innovation Authors: LeanTaaS Blog, Yoel Knoll, Mark Hoover, Ram Sonagara, Santosh Varughese

Related Topics: Cloud Computing, Security Journal, Compliance Journal, Healthcare Innovation Journal

Article

Changing Standards for Online Healthcare Data – HIPAA & the Cloud

The safety of personal healthcare information on the cloud continues to be an important topic

Just a few months ago I wrote a blog post about healthcare data on the cloud (HIPPA Cloud Storage) and the security concerns surrounding this very sensitive and valuable data. I mentioned that as with many industries, more healthcare data is being moved to the cloud, but the healthcare industry has remained a few paces behind others in terms of securing online data.

The safety of personal healthcare information on the cloud continues to be an important topic, specifically in regards to government-issued guidelines. There are new requirements going into effect this year that expand on how HIPAA and HITECH standards regulate healthcare data on the cloud.

HIPAA & Cloud Security
For years, HIPAA has required healthcare organizations to maintain confidentiality of electronic health information that can be linked back to an individual. More recently, HITECH provisions further strengthened HIPAA penalties and criminal enforcement.

This year's new provision to HIPAA, known as the Omnibus final rule, has its compliance date coming up in September 2013. There are important implications for vendors that are involved in any way with storing, transmitting or otherwise handling personal healthcare records. Anyone involved in those capacities is now known as a "Business Associate" and is therefore subject to the compliance regulations put forth in HIPAA. Those not compliant with HIPAA rules are subject to various penalties, including fines, as in the case of the recently announced Wellpoint fine.

As I have written about before, both "Covered Entities" (Healthcare providers, etc.) and Business Associates looking to leverage cloud services but keep sensitive patient information within their full control have been leveraging a new class of technologies known as Cloud Data Protection Gateways. These gateways intercept sensitive data while it is still on-premise, encrypts or replaces it with a random token and protects the data whether at rest, in transit or on the cloud. Encryption and Tokenization techniques deployed within these gateways are a viable solution to help organizations stay compliant.

As industry and government regulations surrounding HIPAA and the cloud continue to impact cloud users and providers, I will keep this blog up to date on changes and on solutions to stay on top of requirements.

Read the original blog entry...


PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.