Healthcare organizations are embracing the many advantages of cloud computing, including its scalability, cost-efficiency, and flexibility. The cloud makes file storage and sharing easy and convenient. Before implementing a solution, however, it’s important to understand how industry regulations impact cloud adoption — and what to look for when selecting a cloud-storage service provider. For healthcare organizations, HIPAA-HITECH compliance can be a major deciding factor.
We’ve compiled the top 5 most popular cloud storage services that are HIPAA compliant. Before we go into those, let’s first take a look at how HIPAA-HITECH applies to cloud storage software.
Why HIPAA applies to cloud storage
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the goal of protecting the privacy of sensitive patient information. Covered entities under the law include healthcare plans, healthcare clearinghouses and certain types of healthcare providers.
In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act extended HIPAA’s requirements to business associates. A business associate is any service provider who has access to the protected health information (PHI) of a covered entity. This also includes subcontractors who create, receive, maintain or transmit PHI on behalf of a business associate, including cloud providers.
In addition to extending the law to cover business associates, the HITECH Act dramatically increased HIPAA penalties. Pre-HITECH penalties were limited to $100 per violation and a maximum of $25,000 for “identical violations of the same provision” in the same calendar year. The new penalties have a tiered structure between $100 and $50,000 per violation based on “increasing levels of culpability” and a maximum of $1.5 million for identical violations per year.