HIPAA and Cloud Computing

Cloud Computing

When we think of cloud computing, the first associations we make are with its use in the business world. But cloud computing is now coming to prominence in the medical field, prompting another round of profound hopes and worries about how the information age will change our world.

Cloud computing distributes information storage and access across a network of computers, allowing data to be accessed and edited from multiple computers. It can increase storage capacity and make it much easier for people working in several systems to stay “on the same page.”

With the medical field’s tendency to get its information mired in bureaucracy, an integrated information-sharing system like cloud computing is practically a necessity.

The need for fast, integrated sharing of information is particularly immediate in the case of emergency room patients. When someone is brought into the ER in cardiac arrest, the doctors and nurses need to be able to get a hold of that patient’s medical history that minute, not whenever that person’s town doctor has time to fax the records over.

In medicine, the speed and efficiency of communication that cloud computing can offer will often save lives. As a less immediate effect, cloud computing can also significantly reduce the amount of paperwork and bureaucracy involved in the medical field, which can cut costs overall as well as save some patients a lot of time, frustration, and money.

But cloud computing isn’t all a bed of roses. The public access to data brings with it serious concerns about infringements on medical patients’ privacy. If implemented incorrectly, cloud computing systems could lead to breaches of HIPAA.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 reformed healthcare in an effort to make the system more efficient. Title I of the act is concerned with increasing the number of people who can get healthcare, while Title II is concerned with the protection of patients’ privacy.

Title II is intended to facilitate the transfer of medical data across institutions and states, as well as to safeguard the confidentiality, integrity, and availability of electronic health records so that they are available only to patients and the healthcare professionals who need to know the info.

Under Title II, most of a patient’s medical record and payment history is considered Protected Health Information (PHI), and it is protected under the law. PHI may be disclosed only to other medical entities, and then only the minimum amount and only with the permission of the individual.

Under the Technical Safeguards provided by Title II of HIPAA, whenever PHI data flows over open networks, it must be encrypted. Passwords or other safeguards are necessary to confirm the identity of other entities seeking to access PHI.

When medical professionals are considering medical software, they should think about not just the functionality of the software, but whether it provides good data protection, in accordance with HIPAA, and how they need to use it to best ensure this level of protection.

At best, cloud computing could save your life when the doctors find out that you have an allergic reaction to Benadryl that could kill you; at worst, cloud computing could let a hacker breach your medical information, and post details about any/all of your embarrassing surgeries out on the web. Personally, I’ll take that risk.

3 thoughts on “HIPAA and Cloud Computing”

  1. Private cloud computing is a major player for HIPAA compliance – public clouds like Amazon’s offerings just aren’t secure. A private cloud is owned solely by that tenant, unlike a public cloud that shares resources and applications.

    The US government’s IT sector is showing their trust in the cloud by shutting down data centers and moving data to the Web. Hopefully they can set an example for other organizations still using paper records and slow servers…

  2. Could the hacker not modify your data, so that he might delete the allergy information and you could die because the doctors see that you have no allergies to paracetamol and give you a shot of that for your aching tooth?

  3. Hybrid Cloud! The benefits of owning your cloud, combined with a public cloud for sharing resources without exposing critical applications and data.
