Healthcare Cloud


There are many types of environments, including physical, virtualized, and cloud, that a healthcare IT department or service provider might maintain in a compliant fashion. A large portion of service providers today deliver their services to customers using the cloud model. In a public cloud, the infrastructure is owned by the HIPAA cloud company and made available to the general public or a large industry group. The public cloud infrastructure exists solely on the premises of the cloud provider.

Being on the cloud is critical today, and critical for the future.

What is the Healthcare Cloud?

A healthcare cloud is a HIPAA cloud hosting service used by healthcare IT departments and digital health technology vendors to store, maintain, back up, and share Protected Health Information (PHI).

Healthcare Cloud is a Means to Manage More Data

Healthcare today is increasingly data-driven, and the demand to share that data is also increasing. Those trends translate into considerable amounts of data that must be processed and stored in a secure and scalable manner. The healthcare cloud provides the means to handle these massive, exponentially growing volumes of data in a cost-efficient manner.

Healthcare Cloud Enables Value-Based Care

Healthcare cloud computing is the most feasible way for healthcare systems, hospitals, and digital health vendors to face the challenge of delivering more patient value. It provides them with a connected environment to exchange data with their patients. On-premises infrastructure costs are high, and scaling data storage is more feasible in the cloud.

Why is HIPAA Compliance in the Cloud Important?

HIPAA, formally known as the Health Insurance Portability and Accountability Act, was signed into law in the 1990s. These regulations were enacted as a multi-tiered approach that set out to improve the health insurance system. If you have a healthcare application, website, or data storage, you must be in complete compliance, and that includes HIPAA cloud hosting.

What is HIPAA compliant hosting and what does that mean?

HIPAA hosting (cloud) is data hosting that complies with all aspects of HIPAA’s physical safeguard requirements. Application developers especially must recognize that HIPAA compliant hosting is necessary for their solutions.

Compliance in the cloud is possible in any scenario as long as it addresses the controls in the five main HIPAA Omnibus safeguard categories:

  • Administrative Safeguards (§ 164.308)
  • Physical Safeguards (§ 164.310)
  • Technical Safeguards (§ 164.312)
  • Organizational Safeguards (§ 164.314)
  • Policies and Procedures and Documentation Safeguards (§ 164.316)

These are in addition to the security provisions in Section 13402 of the HITECH Act.

Healthcare Cloud Security

The healthcare industry has been shifting toward a value-based care delivery model, partially enabled by open standards that support cooperative, collaborative workflows. Services delivered by cloud computing will evolve to support a wide variety of healthcare processes while providing an infrastructure that allows healthcare entities to utilize resources at fractional costs.

Healthcare professionals understand that cloud computing has its advantages but many have data security concerns about moving to a cloud-based system. Patient privacy and data security are considered the most serious considerations in cloud computing.

Is Data Encryption Required by HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a set of regulations that were enacted as a multi-tiered approach to improving the health insurance system. HIPAA has specifications that ensure the confidentiality and privacy of protected health information. Many wonder if encryption is required by HIPAA but, because these regulations are so convoluted, it’s hard to determine.

The HIPAA Security Rule does not explicitly say that encryption of data at rest or in transit is required. Because this specification is classified as “addressable,” HHS takes the position that an entity must address encryption wherever it is “reasonable and appropriate.” Let’s break down what that means:

  • HHS is saying that you do not have to encrypt your data, but you must be prepared to state in writing why you believe that, because if you are audited, your documentation will be reviewed by the OCR (Office for Civil Rights).
  • If an entity does a proper risk analysis, there are very few scenarios in which encryption is not “reasonable and appropriate.”
  • Once a data breach happens, it is very unlikely that the victim(s) or the OCR will agree with an entity claiming that encryption was not necessary. So although encryption may not be called out as mandatory, the majority of healthcare professionals will tell you that it is required in practice.

How do I Choose a Secure Healthcare Cloud?

When selecting a healthcare cloud provider, it is vital for an organization to perform due diligence to ensure the ePHI they are entrusting this provider with will be secured in accordance with the HIPAA regulations.

As you look for a compliant healthcare cloud, ask these key questions:

  • Have they had an external assessment done by a third party?
  • Have they been assessed against the HIPAA Security Rule?
  • What assurance can they make in safeguarding your data?
  • What do they cover as part of the business associate agreement?

In most instances, cloud providers should be able to provide evidence of a third-party HIPAA compliance assessment, such as HITRUST CSF certification.

Datica makes digital health in the cloud a reality by removing the risks that prevent its adoption. We turn HIPAA compliance on public infrastructure providers into a solved problem, and enable secure clinical data exchange between mission-critical digital health applications and EHR systems. Datica serves healthcare’s complete spectrum, from digital health startups and industry leaders to health systems across the nation. More than 300 customers and partners trust Datica to ensure their clouds are HITRUST certified and data securely interoperable.

Datica Academy articles on Healthcare Cloud

HIPAA and Multi Tenancy

What exactly is a multi-tenant cloud, and does Datica Compliant Cloud offer a multi-tenant environment?

HIPAA Compliance at the Application Level

While HIPAA Compliance at the infrastructure level is heavy on technology, HIPAA Compliance at the application level is more of a blend of technology and policy.

HIPAA Contingency Planning + Disaster Recovery

Business associates and subcontractors need a HIPAA disaster recovery contingency plan in place to maintain the integrity of ePHI in case of a disaster.
