19
Oct
HIPAA vs. the Cloud
HIPAA vs. the Cloud
By Chris Witt
If you are involved in HIT, you know all about HIPAA and the responsibility it puts on organizations to protect patient information. In HIPAA’s early days, there were only general guidelines and required outcomes to help direct IT departments in reaching compliance. The fact that most organizations maintained a “closed” system, meaning they had their own data center with very little data being exposed outside of the organization, made compliance relatively simple. Our biggest worry was the tape media being rotated out to our favorite offsite storage facility. Over time, data center strategies have evolved to include collocation and managed services. While this has added some complexity to HIPAA compliance, you still know exactly where your data resides and have a good idea of who could potentially access it from the third-party provider. Now cloud computing has been added to the mix of service options. This adds some interesting HIPAA compliance challenges since absolute end-to-end control of the data is no longer ensured.
