Organizations that deal with personal medical information need to ensure that this data is secure and protected. And it’s not just an ethical issue; clinics, hospitals, and other healthcare organizations are legally obligated by the Health Insurance Portability and Accountability Act (HIPAA) to store and share medical data and health records in a safe and compliant manner.
That’s why it’s critical to take a moment to confirm that the software they are using is HIPAA-compliant when these organizations are considering storing this personal data in the cloud.
In this post, we’ll explore the history of HIPAA, what it means to be HIPAA-compliant, and the best HIPAA-compliant cloud storage services available.
According to the Centers for Disease Control, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Signed into law by President Bill Clinton in 1996, HIPAA modernized the flow of healthcare information while ensuring another level of protection from fraud and theft.
HIPAA protects information regarding:
Though the act was passed prior to cloud storage, it now extends to how this information is shared and stored digitally. HIPAA requires developing safeguards that protect data physically (use and positioning of workstations and mobile devices), technically (implementing activity logs and controls and access controls), and administratively (conducting risk assessments, implementing risk management policies, and restricting third-party access).
There is no official HIPAA-compliant certification, which means it’s up to the organizations and the cloud service providers to ensure adherence to HIPAA. In order to do so, they must review HIPAA regulations and update periodically in accordance with the compliance goals.
To be HIPAA-compliant, a cloud storage provider must be willing to agree that it secures data transmitted to the cloud, stores this data securely, provides a system that allows for control of data access, and records a log of all activity.
There are a number of well-known companies that provide cloud storage services that meet HIPAA regulations. These include:
Depending on the data your organization is entrusted to manage — and how that data is shared — you may need to add an additional layer of security to these services to ensure compliance. Some key questions to consider are:
Once you’ve picked a cloud storage service, it’s still critical to ensure that services are HIPAA compliant. In order to do so, organizations must properly configure settings, check third-party app access to the cloud, and ensure file security and privacy.
With Virtru, you can add a layer of encryption to your Google Workspace and Google Cloud storage platforms to support HIPAA compliance. Virtru also enables you to manage your own encryption keys, so that neither Google nor Virtru can access your data at any time. You retain full control of your data, while still giving your teams the ability to collaborate and share information efficiently.
Virtru is here to help you assess your data management strategy and support your compliance with HIPAA. Contact Virtru today to schedule a consultation with one of our data security experts.
Contact us to learn more about our partnership opportunities.