Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    sales and data analytics
    How Data Analytics Improves Lead Management and Sales Results
    9 Min Read
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: No Encryption or BAAs: Keep PHI Off Unsecure Clouds
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Privacy > No Encryption or BAAs: Keep PHI Off Unsecure Clouds
PrivacyRisk Management

No Encryption or BAAs: Keep PHI Off Unsecure Clouds

onlinetech
onlinetech
4 Min Read
Image
SHARE

ImageGoogle Drive, formerly Docs, is a free collaboration tool that can be used to store and manage large amounts of data – unless that data falls under the scope of protected health information (PHI); that is, personal patient health record data.

ImageGoogle Drive, formerly Docs, is a free collaboration tool that can be used to store and manage large amounts of data – unless that data falls under the scope of protected health information (PHI); that is, personal patient health record data.

Recently it was revealed that Oregon Health & Science University (OHSU) kept a Google spreadsheet to maintain and exchange information about patient admissions to the hospital under the Division of Plastic and Reconstructive Surgery, as well as within two other urology and kidney transplant departments. About 3k patients were listed – while there was no reported data breach, merely the discovery of the unsecured cloud data was enough to require breach notification under HIPAA.

While the popular online document storage service is a classic example of what cloud computing can provide, it cannot meet the security requirements desired by the HIPAA mandate that was recently updated to include data storage/cloud service providers within the scope of liability. HIPAA comes with fines and penalties for data breaches of patient information.

More Read

Image
Is Your IT Architecture Ready for Big Data?
CAPEX Deferred Eventually Makes the Company Sick
Privacy Concerns Could Hinder Personalization of Web Based Applications
4 Ways Big Data Has Made Bluetooth A Terrifying Security Risk
Cloud Security: Practical And Effective Ways To Protect Your Data

Cloud service providers are now considered business associates, meaning they must sign a business associate agreement (BAA) with healthcare clients that use their services (Google does not  currently sign BAAs).

Additionally, encryption of data at rest and in transit is an addressable but highly recommended aspect of meeting HIPAA compliance, and it also makes a healthcare organization exempt from the HIPAA Breach Notification Rule, primarily because encryption renders data unreadable even if accessed by unauthorized individuals. Google does not encrypt files stored on Google Drive.

When contracting with a HIPAA cloud provider, ask them if they provide encryption and at what level. Check their HIPAA audit reports and risk assessments if they have them, and ask which technical security services can help them fulfill HIPAA requirements. Make sure their BAA addresses who has access to the data, how data is handled after service termination and breach notification policies. Read Five Questions to Ask Your HIPAA Hosting Provider for a more detailed explanation of the questions to ask.

For more about HIPAA security and cloud infrastructure, read our HIPAA Compliant Hosting white paper.

This white paper explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.

Learn more about cloud security and private clouds in healthcare:
How the HIPAA Cloud Protects PHI for Physician Software as a Service (SaaS)
How does the HIPAA compliant cloud support and enable progression of health IT and patient care? By creating a high availability, reliable data and application hosting infrastructure that’s secure enough to meet healthcare industry data security compliance regulations, like the Health … Continue reading →

Encryption for the HIPAA Compliant Cloud
Many cloud computing infrastructure as a service (IaaS) providers may provide log monitoring, antivirus, web application firewalls, SSLs, dedicated SANs and more for healthcare organizations, but often the missing ingredient lies in one key technical aspect: encryption. Encryption for healthcare … Continue reading →

References:
OHSU Notifies Patients of ‘Cloud’ Health Information Storage

image: cloud/shutterstock
TAGGED:health care data
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

sales and data analytics
How Data Analytics Improves Lead Management and Sales Results
Analytics Big Data Exclusive
ai in marketing
How AI and Smart Platforms Improve Email Marketing
Artificial Intelligence Exclusive Marketing
AI Document Verification for Legal Firms: Importance & Top Tools
AI Document Verification for Legal Firms: Importance & Top Tools
Artificial Intelligence Exclusive
AI supply chain
AI Tools Are Strengthening Global Supply Chains
Artificial Intelligence Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Courting Better Health: Time to Focus on Health Analytics

5 Min Read

Patient-Centered Data-Driven Care: Carolina Advanced Health

0 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive
ai chatbot
The Art of Conversation: Enhancing Chatbots with Advanced AI Prompts
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?