By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    data science anayst
    Growing Demand for Data Science & Data Analyst Roles
    6 Min Read
    predictive analytics in dropshipping
    Predictive Analytics Helps New Dropshipping Businesses Thrive
    12 Min Read
    data-driven approach in healthcare
    The Importance of Data-Driven Approaches to Improving Healthcare in Rural Areas
    6 Min Read
    analytics for tax compliance
    Analytics Changes the Calculus of Business Tax Compliance
    8 Min Read
    big data analytics in gaming
    The Role of Big Data Analytics in Gaming
    10 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: No Encryption or BAAs: Keep PHI Off Unsecure Clouds
Share
Notification Show More
Latest News
SMEs Use AI-Driven Financial Software for Greater Efficiency
Artificial Intelligence
data security in big data age
6 Reasons to Boost Data Security Plan in the Age of Big Data
Big Data
data science anayst
Growing Demand for Data Science & Data Analyst Roles
Data Science
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
ai in omnichannel marketing
AI is Driving Huge Changes in Omnichannel Marketing
Artificial Intelligence
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Privacy > No Encryption or BAAs: Keep PHI Off Unsecure Clouds
PrivacyRisk Management

No Encryption or BAAs: Keep PHI Off Unsecure Clouds

onlinetech
Last updated: 2013/08/01 at 8:00 AM
onlinetech
4 Min Read
Image
SHARE

ImageGoogle Drive, formerly Docs, is a free collaboration tool that can be used to store and manage large amounts of data – unless that data falls under the scope of protected health information (PHI); that is, personal patient health record data.

ImageGoogle Drive, formerly Docs, is a free collaboration tool that can be used to store and manage large amounts of data – unless that data falls under the scope of protected health information (PHI); that is, personal patient health record data.

Recently it was revealed that Oregon Health & Science University (OHSU) kept a Google spreadsheet to maintain and exchange information about patient admissions to the hospital under the Division of Plastic and Reconstructive Surgery, as well as within two other urology and kidney transplant departments. About 3k patients were listed – while there was no reported data breach, merely the discovery of the unsecured cloud data was enough to require breach notification under HIPAA.

While the popular online document storage service is a classic example of what cloud computing can provide, it cannot meet the security requirements desired by the HIPAA mandate that was recently updated to include data storage/cloud service providers within the scope of liability. HIPAA comes with fines and penalties for data breaches of patient information.

More Read

Patient-Centered Data-Driven Care: Carolina Advanced Health

Courting Better Health: Time to Focus on Health Analytics

Cloud service providers are now considered business associates, meaning they must sign a business associate agreement (BAA) with healthcare clients that use their services (Google does not  currently sign BAAs).

Additionally, encryption of data at rest and in transit is an addressable but highly recommended aspect of meeting HIPAA compliance, and it also makes a healthcare organization exempt from the HIPAA Breach Notification Rule, primarily because encryption renders data unreadable even if accessed by unauthorized individuals. Google does not encrypt files stored on Google Drive.

When contracting with a HIPAA cloud provider, ask them if they provide encryption and at what level. Check their HIPAA audit reports and risk assessments if they have them, and ask which technical security services can help them fulfill HIPAA requirements. Make sure their BAA addresses who has access to the data, how data is handled after service termination and breach notification policies. Read Five Questions to Ask Your HIPAA Hosting Provider for a more detailed explanation of the questions to ask.

For more about HIPAA security and cloud infrastructure, read our HIPAA Compliant Hosting white paper.

This white paper explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.

Learn more about cloud security and private clouds in healthcare:
How the HIPAA Cloud Protects PHI for Physician Software as a Service (SaaS)
How does the HIPAA compliant cloud support and enable progression of health IT and patient care? By creating a high availability, reliable data and application hosting infrastructure that’s secure enough to meet healthcare industry data security compliance regulations, like the Health … Continue reading →

Encryption for the HIPAA Compliant Cloud
Many cloud computing infrastructure as a service (IaaS) providers may provide log monitoring, antivirus, web application firewalls, SSLs, dedicated SANs and more for healthcare organizations, but often the missing ingredient lies in one key technical aspect: encryption. Encryption for healthcare … Continue reading →

References:
OHSU Notifies Patients of ‘Cloud’ Health Information Storage

image: cloud/shutterstock

TAGGED: health care data
onlinetech August 1, 2013
Share this Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

SMEs Use AI-Driven Financial Software for Greater Efficiency
Artificial Intelligence
data security in big data age
6 Reasons to Boost Data Security Plan in the Age of Big Data
Big Data
data science anayst
Growing Demand for Data Science & Data Analyst Roles
Data Science
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

Patient-Centered Data-Driven Care: Carolina Advanced Health

0 Min Read

Courting Better Health: Time to Focus on Health Analytics

5 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?