Medical practices and facilities are depending more and more on cloud storage because it gives users the ability to access data across a variety of electronic devices while eliminating the costs and difficulties associated with maintaining a physical storage system.
What exactly is the cloud? Cloud storage is a network of remote servers that provides centralized data storage and online access to the stored files. Your files are stored on a server connected to the Internet instead of on your own computer’s hard drive. This eliminates the need to purchase hardware equipment to store files or to upgrade your hardware to get extra storage space—or the need to delete old files to make room for new ones. The cloud is convenient and cost-effective, providing a way to automatically back up your files and folders.
Despite these benefits, recent publicity around hacks of public cloud storage websites has raised concerns about whether it is appropriate for medical practices and facilities to store health records and information in the cloud. Cybercriminals target healthcare organizations more than any other form of business because they find personal patient information particularly valuable to exploit. Providers must ensure that the way they secure patients’ protected health information (PHI) complies with the Health Insurance Portability and Accountability Act (HIPAA). The repercussions of a breach can be daunting under HIPAA. A business that suffers a breach of unencrypted PHI must report the breach to the U.S. Department of Health and Human Services’ Office for Civil Rights. If found negligent, the business can face fines and damage to its reputation.
Is cloud storage a safe way to store PHI? The answer is a qualified “yes”: The cloud can be an appropriate method of data storage, but only under the right circumstances.
As with many new technologies, the safety level of the cloud, and whether it’s appropriate for use, depends on the vendor. To be sure your data is safe and secure when you hand it over to a cloud service provider, you need to research each vendor you consider and do appropriate due diligence. There are several important questions you need to answer and issues you have to keep in mind:
Cloud storage can be a valuable asset to medical practices and facilities, but the decision to use the cloud to store HIPAA-protected records should not be made until substantial due diligence has been performed on the cloud service provider. Make sure you have absolute confidence in the service provider’s ability to keep the data safe and secure.
By David McHale, Senior Vice President and Chief Legal Counsel, The Doctors Company
The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.