4G

HIPAA Compliance and the Cloud

March 26th, 2015

HIPAA compliance is becoming an important topic with the rise of Cloud usage. It is important to secure the patients’ data because there are vulnerabilities in cloud storage. The HIPAA Omnibus Rule had made several changes in terms of handling patient’s data. Now, cloud service providers are considered as business associates and remain accountable in case of breach.

According to the HIPAA rule, patients’ privacy is protected, regardless of where it is being stored which includes cloud storage option.

“For example, a data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”

The Center for Democracy and Technology (CDT) has published Frequently Asked Questions (FAQs) about the Omnibus Rule.

“The obligations of a business associate depend on the extent of services and functions it is performing with PHI on behalf of a covered entity,” the CDT paper states. “A CSP that has no capability to access PHI, that provides storage functionality only, and that adheres to HHS standards with respect to encryption should have little liability risk as a business associate (except to ensure that it properly manages encryption).”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.