It’s important to know how HIPAA cloud storage is regulated

by | Aug 22, 2013 | Business Continuity, Compliance

You Risk Hefty Fines If Your HIPAA Cloud Storage Provider Isn’t Compliant

HIPAA isn’t new: it was enacted in 1996 to protect health information and give patients rights over their health care information. Its rules cover the administrative, physical and technical safeguards for protected health information.

HIPAA and Backing Up Your Data

The HIPAA Security Rule includes standards that apply directly to backing up data. Healthcare providers, health plans and clearinghouses must have a contingency plan that will:

“Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.”

This contingency plan must include a data backup plan and a disaster recovery plan. Physical safeguards and access controls are also important, but those standards are not covered in this document.

HIPAA, Business Associates and HIPAA Cloud Storage providers

As of September 23, 2013, HIPAA requires that your business associates also comply with its regulations. As a result, any protected health information managed by or sent to a non-compliant IT solutions provider, data center, online backup provider, or cloud service after September 23 may be treated as a data breach that must be reported to patients and to HIPAA enforcers.

A data breach investigation is painful, very expensive, and often results in big fines. You must ensure that your IT partners’ cloud storage is HIPAA compliant. Don’t just take their word for it: have them prove it to you, and have their subcontractors prove it too. A HIPAA audit or data breach investigation could result in a million-dollar fine, not to mention the humiliating PR.


What To Look For in a HIPAA Cloud Storage Provider

Like covered entities, business associates must now not only sign Business Associate Agreements but also implement full compliance programs. Some cloud providers have had to completely rewrite their programming code and change their process for managing hard disk drives, and it’s reported that some are having trouble getting their data centers to agree to HIPAA compliance.

Get solid assurances that your IT service providers have signed Business Associate Agreements. More importantly, make sure they understand HIPAA and have implemented compliance programs that will pass an audit or a data breach investigation. And make sure they understand that they are also responsible for their subcontractors.

Just so it’s 100% clear, I will repeat: make sure your HIPAA cloud storage provider signs the Business Associate Agreement, that their subcontractors sign the agreements, and that you are fully confident they have implemented the HIPAA compliance programs. Sending them protected health information without these in place may be a reportable data breach and cost you major fines.

Want to learn more about HIPAA Cloud Storage? Contact us today.

Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.
