Earlier in 2013, the Department of Health and Human Services (HHS) issued a Final Rule modifying the 1996 HIPAA legislation, which is now the beating heart of healthcare data portability, privacy and security. The reason behind the Final Rule and its new level of security is a basic one.
Through the years, healthcare has had some serious deficiencies, and it is still the prime target for identity theft. Its main problem is financial fraud, especially Medicare fraud, which alone runs to the tune of $70 billion a year. The HIPAA Final Rule clarifies the financial and legal liabilities for failure to sign a business associate agreement (BAA) where a cloud provider is involved. From the desk of David Holtzman, Information Privacy Division, in the Office for Civil Rights, “If you use a Cloud service, it should be your Business Associate. If they refuse to sign a Business Associate Agreement, do not use that cloud service.” If they refuse to be held liable for breaches to their “secure” clouds, do not use them.
Companies that have already announced their support for executing BAAs on behalf of healthcare entities include Box, Microsoft, Verizon, ClearData and Online Tech. The most conspicuous absentee from those encouraging the signing of BAAs is the company with about 71% of the cloud market: Amazon Web Services gave a decidedly vague reply when asked outright whether it would join in signing BAAs. Another vendor, Apple, with its iCloud, considers its users consumers, and as consumers we are free to do whatever we want with our Personal Health Information, and, of course, no BAA is required.
Cloud systems come in two main variations: Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). In general, Infrastructure-as-a-Service is the most basic form of cloud computing. It offers physical and virtual machines, storage options, servers, networks, load balancers, and more, enabling organizations to outsource infrastructure and hardware to a service provider who hosts the equipment in a secure data center and allows access to it over the internet. Platform-as-a-Service, by contrast, focuses more on databases, operating systems, development tools, web servers, and so on.
PaaS offers collaborative application development tools, web application management, application design, and more via the internet, helping organizations with team members in multiple locations collaborate more effectively on projects. It is also important to determine whether cloud storage will be viable for your business, so consider things like connectivity, location, availability, service and support. Also consider the amount of control you will have over your data. This is a long-term solution, so it is best to compare different solutions to find the best one for your business model.