Healthcare Information Security


How Does HIPAA Compliance Apply in the Healthcare Cloud?

The healthcare cloud can greatly benefit covered entities, such as in data storage and backup, but HIPAA compliance must still remain a top priority.


By Bill Kleyman

Only a handful of years ago, security and healthcare professionals deemed hosting healthcare data in the cloud to be untenable. However, the evolution of the healthcare industry as well as cloud solutions has really changed the perspective for many.

A 2016 IDC Health Insights report showed that providers are increasingly taking advantage of cloud implementations and leveraging mobile and analytics capabilities in the cloud. In fact, 18 percent of new software spend was allocated to software as a service (SaaS) and another 24 percent to projects that leveraged managed hosting by a third party.

Furthermore, comfort levels with cloud were on the rise. According to an IDC survey of hospitals, 41.5% of respondents said they were more comfortable with cloud than they were in the recent past. Barriers to cloud adoption, primarily comfort levels with security and compliance, are clearly coming down.

More cloud adoption and use cases have recently emerged across the healthcare industry. The latest Gartner research of healthcare cloud services pointed out that growth in health IT infrastructure, system, and support requirements — compounded by tight budgets and IT staffing issues — will continue to drive providers toward a hybrid IT environment in which the cloud will play an increasing role. By 2021, researchers predict public cloud service providers will process more than 35 percent of the healthcare industry’s IT workloads.

Security remains top of mind for organizations moving into the healthcare cloud, and security strategies are evolving and maturing to accommodate the transition from on- to off-site data services. IDC identified cybersecurity as a new growth area in the provider IT budget with potential to increase. Threats are top of mind, but the increased availability of resources for IT security is allowing providers to begin to implement strategies to secure health data and networks. Top priorities included focusing on security in the cloud, monitoring the environment, and controlling shadow IT.



Beyond security, one aspect really helped fuel the growth in cloud, healthcare, and new use cases. When the concept of the cloud was first brought to market, it was limited to organizations not bound by strict compliance rules. Furthermore, true cloud security needed time to mature. Today, the conversation around cloud compliance and security is much different.

In fact, laws and regulations changed to directly support new kinds of cloud initiatives. For example, the HIPAA Omnibus rule enacted in 2013 now allows third parties to become business associates (BAs). A BA is any organization that has more than just transient access to data (transient access being the kind that carriers such as FedEx, UPS, and USPS have). An organization can sign the business associate agreement (BAA) and assume additional liability to manage protected healthcare information (PHI).

Regulations have also changed how data center providers approach e-commerce and PCI-DSS. At a high-level, data center providers intelligently control data through the cloud, the organization's servers, and the payment gateway, in turn allowing an organization to continuously control the flow of sensitive information.

Take the use case of a healthcare organization in need of extra resources within a data center cloud provider to process large amounts of data. The organization does not want to invest additional dollars into internal resources, having realized that a pay-as-you-go model is optimal for its environment, so it turns to a healthcare-ready data center or cloud provider for help. By knowing that the latter has signed a BAA and can process healthcare information, the organization is able to directly link a public cloud with the private data center. Now, the organization is able to use this cloud platform to migrate applications, workloads, and data between its healthcare cloud and its private data center, which helps with security, data analytics, and even efficiency.

There are going to be other great use cases for leveraging cloud services for healthcare initiatives, including:

  • Disaster recovery and backup
  • Data backup and storage
  • Data processing and analytics
  • Offloading some applications and services
  • Creating an edge computing ecosystem
  • Improving telemedicine capabilities


The great news for organizations that have yet to take advantage of the healthcare cloud is that the process of getting started has never been easier. Numerous organizations either have active projects within the cloud or are in the process of testing proof-of-concepts with a HIPAA-ready cloud provider.

For healthcare organizations just starting out, the first step is to make sure their cloud partner can meet their needs. A healthcare cloud partner must be able to properly secure and manage your data, accommodate changing needs, and provide services for both today and the near future.

Here are three other considerations for organizations choosing a cloud partner:

  • Develop both a technical and business relationship. A good cloud healthcare partner will understand an organization’s business and allow their healthcare services to be properly aligned.
  • Leverage a cloud partner with growth in mind. In today’s healthcare world, organizations are either acquiring or being acquired, which is why working with a healthcare cloud partner that can scale effectively is absolutely critical. How quickly can the cloud provider spin up a new location should an acquisition happen? The cloud partner not only helps the organization scale, but it should also help the organization maintain a competitive edge.
  • Work with a healthcare cloud partner that can meet specific use cases. Yes, there are several cloud partners that are HIPAA compliant and have signed a BAA. However, that does not translate into all providers being the same. When working with disaster recovery or data backup, a cloud partner needs to meet the unique needs of the organization.


Entire new services are under development to be deployed through the healthcare cloud. Big data is here to stay with analytics spending continuing to grow, according to IDC analysis of technology trends and best practices. Analytics continues to be one of the fastest-growing segments of the healthcare IT budget, a trend spanning several years. Ongoing investment in value-based care, clinical quality improvements, and resource use will continue, but new analytics investments are looking to target provider and care team performance analytics, referral patterns, and financial areas of the organization.

This is where a great healthcare cloud partner can help out. In light of the amount of new data being created each and every day, the cloud is a means to helping that data grow and become truly elastic.


The healthcare cloud can lead to numerous other benefits and use cases:

  • Greater levels of virtualization. Application and desktop delivery continue to thrive as more organizations find ways to leverage cloud as their delivery model. The mobility of providers and patients has given rise to new demands around how content is accessed. Cloud allows the decentralization of the user while providing the best possible user experience based on context. What’s more, it can extend beyond application and desktop virtualization to the delivery of rich experiences so that providers can continue to serve patients and save lives.
  • Reduction of data center footprints and the removal of legacy infrastructure. Most healthcare organizations are actively looking to reduce their data center footprint for two leading reasons. First, they can reduce spending on data storage. Second (and perhaps more importantly), organizations have the opportunity to rid themselves of legacy equipment, which also reduces spending, improves user experiences by moving them to better hardware, and helps address hardware-based security risks. Legacy infrastructure is notorious for being unpatched or unsupported but still living because of its supposed “importance.” Cloud helps alleviate these challenges by moving these important workloads to a better, cost-effective infrastructure.
  • Leveraging cloud consumption models in healthcare. Healthcare leaders everywhere are asking the simple question: “Do I really need all of that additional data center hardware?” Why do healthcare organizations have to pay for infrastructure that’s just sitting idle, only to be used in the event that a rare set of conditions is met? Cloud partners are able to offload that part of the data center and allow healthcare organizations to leverage a real consumption model. That is, if the organization grows or needs the additional space, the space will always be there and the organization will only pay for what it consumes. The healthcare cloud is one of many places for managing healthcare workloads, as it also provides an ecosystem for creating new types of operating expense (OPEX) models that help organizations become much more flexible in leveraging IT infrastructure.

This list is by no means comprehensive. The bottom line is that organizations that have not tried cloud to support their care systems are likely missing out, and missing out on a significant competitive advantage as well.

The abstraction of various healthcare services will continue. Organizations will leverage new types of services and resources sitting outside of their data centers. Those healthcare organizations that opt for a healthcare cloud partner will realize new business potential as they improve their ability to scale and be more competitive. Most of all, they will be able to deliver new types of healthcare services capable of impacting a much broader population. A good healthcare partner will help an organization remove the walls surrounding their healthcare services and enable them to become a true, digitally-enabled healthcare organization.

