Recently, government regulators have added some changes to the Health Insurance Portability and Accountability Act. The move has been interpreted by some as an attempt to slow down the migration to the cloud due to security concerns. The real question is whether any identified security breaches are due to the inherent architecture of the cloud or to selecting the incorrect mix of products and services. This is a critical aspect, as HIPAA also mandates that business continuity/disaster recovery be included in any deployment, and cloud solutions provide the simplest and least expensive BC/DR solutions.
First and foremost, many cloud solutions are fully HIPAA compliant, so that is not the real issue. The HIPAA Security Rule for all protected health information applies to all data that is stored, accessed, transmitted or audited, so it covers a lot of ground and can be complex. When assessing solutions, you need to be thorough. Seeking the assistance of a HIPAA consultant or a reseller that specializes in cloud technologies is advisable. That said, many decisions are clear cut.
For example, fax devices and solutions are generally HIPAA compliant. E-mail, including most fax/e-mail combinations, is not. For enhanced data security, there are hybrid fax service solutions available that provide the convenience of an in-house fax server and also combine BC/DR features. Text messaging, normally considered risky at best, can be made fully secure using an application from a company named Protected Mobility. Health care services like visiting nurses and medical office personnel can now communicate securely with a FIPS 140-2 certified, HIPAA-compliant encryption technology and API suite.
Solutions like the above provide the health care community with the necessary tools to be HIPAA compliant yet still utilize the latest in efficient cloud and communications technologies. A bonus for resellers is that many of these solutions also apply to Sarbanes-Oxley and the PCI DSS security standard developed by the PCI Security Standards Council. Used for enhancing payment account data security, the PCI DSS standard can also be an essential component of a HIPAA solution.
Companies in the health care industry are concerned about the new regulations, as the fines for non-compliance can be significant, and would welcome the guidance of experienced communications and cloud professionals. Sounds like a good reseller opportunity.
Edited by Stefania Viscusi