How SaaS and EHR Providers Can Make Architectural Changes for Better HIPAA Compliance

Scott Walters

Guest post by Scott Walters, client services, INetU.

Whether they are cloud providers, EHR services firms or SaaS providers, technology companies that market to healthcare organizations are considered “business associates” under HIPAA. In the past, that meant customers often asked them to sign agreements assuring that they were employing best practices and would provide breach notifications to help customers maintain compliance.

As of September 13, 2013, however, changes to the guidelines were implemented that make technology providers directly liable to the U.S. Department of Health & Human Services (HHS) for securing any PHI that they’re entrusted with. In addition to the increase in accountability, this first-hand responsibility also brings technology providers under the threat of fines that can now reach well into the millions of dollars.

The Cost of a Breach

The HHS Office for Civil Rights (OCR), the main enforcement body for HIPAA, has been gradually increasing fines for organizations that violate HIPAA compliance. The penalties have totaled well into the millions, with several organizations in the past few years receiving fines in excess of $1.5 million from OCR. In fact, according to data from the Department of Health and Human Services, HIPAA-covered entities and now business associates have paid more than $18.6 million to date to settle alleged federal HIPAA violations, with $3.7 million of that coming from organizations in the last year alone. On top of this, there are often state and private legal settlements involved.

The Massachusetts Eye and Ear Infirmary (MEEI) is among the organizations that have experienced dramatic penalties firsthand, incurring fines of $1.5 million in 2012 after the theft of a laptop from an MEEI doctor who was traveling to Asia ended up exposing PHI. Blue Cross Blue Shield of Tennessee also paid $1.5 million in the same year following a breach of 1 million patient records stemming from the theft of 57 unencrypted hard drives from a leased training facility.

These two examples not only show the potential cost of a breach, they also demonstrate another quality that reaches across many of the violations to date – the fact that many of the biggest healthcare and HIPAA breaches are caused by unencrypted data and local storage of PHI. As technology providers offer services to manage this type of data, the onus to meet HIPAA regulations is more frequently falling on their shoulders. The upside to this is that, with some forethought, SaaS and EHR providers have the opportunity to make their cloud services even more HIPAA ready than their customers’ on-premise solutions.


Healthcare Will Invest $5.4 Billion in Cloud Computing by 2017

Cloud computing services are increasingly part of the future of healthcare. However, the protection and security of private data are two of the main reasons why the healthcare sector is generally slow to adopt new technologies. According to market researchers at MarketsandMarkets, healthcare will invest $5.4 billion in the cloud by 2017.

The “Healthcare Cloud Computing (Clinical, EMR, SaaS, Private, Public, Hybrid) Market – Global Trends, Challenges, Opportunities & Forecasts (2012 – 2017)” report analyzes the major market drivers, restraints and opportunities in North America, Europe and Asia. According to the report, market researchers estimate that last year at least 4 percent of healthcare was in the cloud. This year, this share is expected to grow to 20.5 percent.

According to Cloud Times, “Cloud computing offers significant benefits to the healthcare sector; doctor’s clinics, hospitals and clinics require quick access to computing and large storage facilities which are not provided in the traditional settings, moreover healthcare data needs to be shared across various settings and geographies which further burdens the healthcare provider and the patient causing significant delay in treatment and loss of time. Cloud caters to all these requirements thus providing the healthcare organizations an incredible opportunity to improve services to their customers, the patients, to share information more easily than ever before, and improve operational efficiency at the same time.”
