Dec 12, 2019
HIPAA Compliance and The Cloud
By Adrian Johansen, freelance writer; @AdrianJohanse18.
Developments in technology have had a profound impact on nearly every aspect of our lives. We can hardly get through an hour without tech having an effect on what we’re doing, let alone a full day. From the morning alarm on our smartphones, to the Bluetooth sound system in our cars, to the social media accounts we share everything on, technology surrounds us.
Perhaps one of the aspects that many of us think the least about is how technology has utterly transformed the way we manage our healthcare data. The development of electronic health records and, even more importantly, the cloud has brought about all sorts of changes. Many have the potential to impact our lives in both positive and negative ways depending upon how they are managed.
When it comes to our health data, there is an added urgency in making sure everything is safe and secure no matter where it is ultimately stored. Well-managed data can mean a more efficient and effective healthcare service, while mismanaged data can lead to the loss of personal information and an unraveling of the privacy most of us have come to expect in a professional healthcare setting.
Medical Records, HIPAA and the Cloud
In 1996, the United States government passed HIPAA, a landmark healthcare act that helped to create and enforce privacy and data security requirements associated with medical information. The act has since been expanded in an effort to keep up with modern technologies, and nearly everyone involved in the healthcare system is expected to follow the rules. Because of this legislation, one can expect that their medical records will be kept private unless they choose to release them, no matter where they are stored.
Cloud-based data storage and technology provide numerous benefits to the healthcare system, including better dataset analysis, improved efficiencies in individual patient care, and a much lower cost. However, they can also lead to a number of concerns, especially when it comes to HIPAA compliance. HIPAA rules apply not only to the medical facilities that are using cloud technology, but also to the tech vendors.
Unfortunately, the fact that cloud technology providers are not exempt from HIPAA rules does not mean that they necessarily follow them. There is no real certification process and the government doesn’t exactly clear companies to work with healthcare organizations. It is completely up to the healthcare entity and the tech provider to make sure their services are meeting the necessary HIPAA standards.
Loopholes in the System
It may come as somewhat of a surprise to both patients and healthcare providers to learn that there are popular new aspects of medicine and technology that aren’t necessarily covered by HIPAA regulations. For instance, HIPAA does not cover anonymized data, such as the data that is collected during genetic testing. Essentially, this allows for a patient’s anonymous information to be shared at will.
Of course, most genetic testing companies are not shy about this and frequently broadcast the many benefits of pooling DNA information into one large database that can be accessed by scientists and potential relatives alike. Who knows, the wide availability of genetic information from millions of people may ultimately be what helps to solve the puzzle surrounding certain genetic diseases. However, it could also pose some serious risks related to personal health information.
In fact, this has already happened. One DNA test kit service, Vitagene, accidentally exposed the personal information and DNA analysis results of literally thousands of customers. Patient records were uploaded online into an Amazon Cloud Service server without the proper data security measures in place. The lack of data protection meant that anyone could look at anyone else’s health information without any sort of authentication or permission.
Expanding Across the Medical Realm
Meeting the HIPAA requirements associated with data security is becoming one of the most challenging things that healthcare administrators face on a regular basis. Hackers have become craftier and cybersecurity risks are of the utmost concern, especially when it comes to personal health information. A data breach into a medical facility’s system can cost billions and make the lives of patients far more difficult.
Not only can healthcare data breaches wreak havoc in the lives of patients, but they may actually be a national security concern. One government report suggested that heavy Chinese investment in U.S. biotechnologies and genomic research could enable them to use personal information against U.S. citizens. Ultimately, researchers indicated that new policies related to the use of citizen information, even if anonymized, should be enacted and more efforts to beef up cybersecurity are desperately needed.
Many healthcare providers are working diligently with tech firms to develop security measures and other data backups that can make it more difficult for hackers to be successful. Likewise, it has almost become a requirement for administrators of these systems to have some cybersecurity training and experience. It is especially important to ensure that the cloud software programs and platforms being utilized are airtight in terms of cybersecurity.
Although HIPAA has been updated in an effort to keep up with modern technologies, it is incumbent upon healthcare providers to work with tech firms to make sure their data security measures are compliant. In a number of settings related to medical data, such as DNA testing, HIPAA regulations may not even apply. Data breaches can have serious negative impacts on everyone involved, which is the basis for the need for greater cybersecurity in the healthcare industry.