HIPAA vs The Cloud
Given the need to abide by HIPAA compliance in healthcare entities and the sensitive matter of protecting patient records, cloud computing is a good resource in managing the job. These entities can sensitize their cloud computing associates and get their role documented in the process of HIPAA compliance.
HIPAA Compliance: The objective behind
Sensitivity in maintaining individual health record of every person is too significant and this is what gets ensured under HIPAA security compliance, which aims at protecting an individualís information to be obtained, created, used and maintained electronically at a specific healthcare unit or hospital. As a result of this rule, the healthcare unit is responsible for taking every measure to keep this information confidential, secure, reliable and free from any electronic interference. But healthcare units usually find it tough to meet the expectations of this security rule & it requires a more technical approach in abiding by the directives of the security rule.
Healthcare unitís responsibility in ensuring HIPAA security compliance
Under HIPAA security compliance, each of the three aspects, namely administrative, technical and physical, has to be adhered to by implementation specifications. These specifications specify the modus operandi for meeting the three aspects. A healthcare unit or hospital has to either implement a security measure to achieve this objective, execute the given implementation specifications or, may not put into practice either one of the two. But as part of HIPAA compliance, the body has to document whichever choice it wants to implement and this document should additionally comprise of basis of the evaluation on which this decision has been arrived at. Outcome of all this can be visibly noticed in the form of a challenge for IT professionals working in health sector.
Shouldering HIPAA compliance responsibility with cloud computing vendor
No surprise, emergence of cloud computing looked like easing the scenario but with enough caution, given that an outside agency in the form of cloud providing associate is involved besides the healthcare unit. Because of this vendor-client partnering, the ultimate responsibility to abide by HIPAA compliance resting with the healthcare unit gets pooled with the vendor, since implementation gets carried out at the vendor end. Thus, there is much room for the sensitive information getting trickled at the remote location where cloud model has been setup. In this situation, the healthcare unit will have to adhere to all the security aspects and implementation specifications as discussed above, so as to satisfy the HIPAA security rule. In the process, the healthcare unit will have to extend its interference and control at the cloud computing associateís location in terms of integrity, encryption, data transfer & management, etc., which this body earlier left up to business associate due to contractual limitations or budget constraints.
Documentation of roles
Obviously, the healthcare unit has an opportunity this way to allot even responsibility to its cloud computing business associate and keep it under the scanner, as if HIPAA compliance is not just the healthcare unitís liability, but is as much an accountability of that vendor. The documented modus operandi of this body can well include the extent to which it has involved vendor and along with, ask the vendor to document its procedures and practices in following the technical requirements and the HIPAA compliance as a whole.While cloud computing can be the technical answer for healthcare IT professionals to successfully satisfy HIPAA security compliance, the organisations in healthcare can well ensure strict adherence of HIPAA rules by shouldering equal responsibility with their cloud computing business associates.
Source: Free Articles from ArticlesFactory.com
ABOUT THE AUTHOR
My name is Jason Gaya and I am an avid blogger. I write on various health-care compliance courses mandated by HIPAA, OSHA, Joint Commission and Red Flags rule My Course Catalog http://store.empowerbpo.com/.