Cloud Presents Healthcare Providers with Challenges for HIPAA Compliance

The medical profession has changed dramatically in recent decades, in no small part because of the ever-changing array of technology available to it. New surgical tools and diagnostics have changed the way patients are treated, and the introduction of computers has revolutionized how these treatments are conducted and cataloged.

While this has led to increasingly sophisticated approaches to many medical problems, InfoBoom notes it has also created its own issues as IT departments attempt to ensure quick, reliable access to these resources. One of the most prominent emerging solutions to these issues is the use of cloud computing. Companies such as Siemens, Dell, Intel VMWare and Harris Corp. have all introduced cloud services for the healthcare sector, ranging from diagnostic imaging storage to medical record platforms.

But the cloud computing sector has proven to be rife with potential regulatory compliance breaches that many would not consider. Law.com notes that an engineering firm could breach data export rules simply by saving a document through a cloud service, if that information happened to be stored in data center that is physically in India.

With the strict healthcare compliance rules created to protect patient information, these issues can be magnified for cloud services in that sector. ZDNet's David Chernicoff notes that, whereas engineering firms are prevented from sending protected information abroad, the Health Insurance Portability and Accountability Act (HIPAA) requires specific certifications for everyone with access to patient data.

For a cloud service that means either directing information from healthcare providers to certain HIPAA-certified data centers, potentially reducing the efficiency that cloud computing is meant to provide, or making all of its data centers HIPAA-compliant, potentially raising costs.

FierceHealthIT notes a recent survey from consulting firm Booz Allen Hamilton that found more than two-fifths of government health agencies have not yet met new IT compliance standards. Nearly two-thirds of respondents have yet to move relevant public health information to cloud services, mostly out of concern for data security with these services. These agencies have proven hesitant despite the overwhelming agreement that cloud computing would play an important part in the future of healthcare IT.

But Chernicoff notes that the potential market for cloud-based HIPAA software remains strong. The healthcare sector comprises both large users with heavy data needs and smaller clients with limited access to IT services, the ideal combination for cloud computing.

InfoBoom notes that the healthcare sector is even more important to the cloud computing sector than just its own business as well. The success of public clouds, as opposed to private clouds that use a similar structure maintained entirely within a single large business or collection of businesses, in storing patient data would demonstrate the technology's viability for other sectors.

As such it should hardly be surprising that Chernicoff notes a growing number of companies are beginning to invest in HIPAA compliance to tap into this valuable market even now.

At the same time, there are already areas where cloud computing presents a decided benefit over certain other approaches to healthcare compliance. SearchHealthIT notes that HIPAA requires that healthcare providers develop a backup system for their patient records in the event of an emergency, either physically separated from the actual facility or "hardened" location. By comparison, investing in a HIPAA-compliant cloud-based backup system can actually represent substantial savings, while also generally proving more convenient.

Many issues remain before the healthcare industry can rely on cloud-based systems without concern about regulatory compliance. But the market has already been identified by cloud providers, and the sector is steadily approaching that point.