According to a recent Ponemon Institute report, 72 percent of the 600 IT professionals surveyed believed their cloud service providers would fail to inform them of a data breach that involved the theft of confidential business data, and 71 percent believed the same for customer data.
Healthcare organizations have been hesitant to relinquish any perceived control over their information, and yet the investments and resources required to securely store and manage files “on-premise” have become a burden most facilities can no longer shoulder. IT teams lack the bandwidth and expertise to manage the growing volume and traffic of Protected Health Information (PHI). The move to the cloud has become inevitable because of the increasing complexity and burden of managing compliance processes.
Moreover, given the recent Omnibus ruling from September 2013, compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has never been more pervasive. With security breaches occurring at an alarming rate and federal regulations expanding, the push towards compliance has driven businesses large and small to explore the necessary requirements, and the options available, when it comes to achieving and maintaining HIPAA compliance.
Cloud-based solutions provide significant value for the healthcare industry, giving organizations superior security and control when managing sensitive health data, especially PHI. Based on our conversations with customers in organizations required to adhere to HIPAA regulations, a cloud-based managed file transfer (MFT) solution offers numerous advantages: industrial-grade security, lower risk, reduced time and resources needed to achieve and maintain HIPAA compliance, higher reliability and availability backed up by service level agreements, and cost savings as IT staff is freed up to focus on other operational tasks.
The benefits of the cloud provide a compelling reason for organizations to move to a managed cloud environment; here are a few best practices to keep in mind:
- Invest in partners that are well-equipped to manage the breadth of HIPAA standards, and who are able to provide the tools needed to demonstrate compliance to your auditors;
- Make sure to look for partners that provide a packaged HIPAA-compliant environment that satisfies electronic protected health information (ePHI)-related legal obligations in HIPAA/HITECH legislation; and
- Recognize from the start that your HIPAA compliance will usually involve a hybrid solution that combines both cloud and on-premise elements. A combination can provide the enabling “fabric” that will make it possible to do business moving forward.
To read more on this topic, check out my full article in HITECH Answers.