HIPAA Compliant Cloud Storage: A Health Information Cheat Sheet

For companies in the medical industry, HIPAA compliant cloud storage is an efficient way to back up critical data to secure servers. But what exactly is HIPAA, how do you know whether it applies to you, and how can you be sure that the way you store that data complies with it?

Here’s a quick guide to the basic principles of HIPAA, and the steps you can take to make sure your company is following the rules it puts in place.

What is HIPAA?

HIPAA, or the Health Insurance Portability and Accountability Act, is a broad piece of legislation passed in 1996 that aimed to improve the portability of health insurance coverage and the efficiency and security of health information in the United States.

There are two major sections of the bill:

  • Title I: Focuses on the portability and continuity of health insurance coverage, for example when a person changes jobs and needs to move to another plan.
  • Title II: Focuses on administrative simplification, which includes national standards for the privacy and security of individually identifiable health information. HIPAA compliance with regard to cloud storage pertains almost entirely to this part of the law.

HIPAA compliant cloud storage

While nowadays there are a multitude of services to choose from, not every cloud storage provider offers data backup services with the safeguards and security processes that HIPAA requires, and not every provider will sign the business associate agreement (BAA) that HIPAA requires before a third party may handle protected health information on your behalf. HIPAA places the responsibility on the health company to obtain that written assurance and to make sure the third parties it enlists for data storage do not break HIPAA compliance, so a provider’s willingness to sign a BAA is the first thing to check. As long as health companies do their due diligence, cloud storage can be an efficient, cost effective, and highly secure way to store private health information online.

Security and Privacy

There are five rules laid down in HIPAA Title II dealing with administrative simplification: privacy, transactions and code sets, security, unique identifiers, and enforcement. These rules primarily govern how health companies handle their patients’ information internally, but the Security Rule is the one that matters most when you bring in an outside company for data backup.

The Security Rule groups its requirements into three kinds of safeguards, all aimed at electronic protected health information (ePHI):

  1. Administrative safeguards: Focuses on internal policy and process, such as a documented risk analysis, workforce training, an assigned security officer, and incident reporting procedures, so that HIPAA compliance is transparent, documented and actually followed.
  2. Physical safeguards: Controls physical access to the facilities, workstations and devices that hold ePHI, including how access is authorized for the appropriate individuals and how old hard drives and other media are wiped or destroyed before disposal or re-use.
  3. Technical safeguards: This is the main area of emphasis for HIPAA compliant cloud services. The standards here are access control, audit controls, integrity, person or entity authentication, and transmission security. Encryption is listed as an “addressable” specification rather than an outright requirement, but in practice a cloud backup service is expected to encrypt data both in transit and at rest using methods that meet government standards (HHS guidance points to NIST), to restrict and log who can reach the data, and to handle everything from transmission to access to deletion in a way that can be documented.
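
To make the technical safeguards concrete, here is an added example that is not code from the original post or from Symform. It shows the pattern in which the covered entity, rather than the provider, holds the key: each backup is encrypted with AES-256-GCM before it leaves the customer’s network, the storage object name is bound into the ciphertext as additional authenticated data so one stored blob cannot be quietly substituted for another, and every restore attempt, successful or not, lands in an audit log. The object naming scheme, the actor names and the sample record are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"time"
)
// EncryptedBackup is all that leaves the customer's network; the key does not.
// The object name (an assumed naming scheme) is authenticated as AAD so one
// stored blob cannot be quietly substituted for another.
type EncryptedBackup struct {
	Object     string // storage object name, also used as AAD
	Nonce      []byte // 12-byte GCM nonce, fresh for every Seal call
	Ciphertext []byte // AES-256-GCM output with the 16-byte tag appended
}

// AuditEntry is one line of the access log the audit-controls standard calls for.
type AuditEntry struct {
	When                  time.Time
	Actor, Action, Object string
	OK                    bool
}

// AuditLog is append-only and in-memory here; forward it to tamper-evident storage in practice.
type AuditLog struct{ entries []AuditEntry }

func (l *AuditLog) Record(actor, action, object string, ok bool) {
	l.entries = append(l.entries, AuditEntry{time.Now().UTC(), actor, action, object, ok})
}
func (l *AuditLog) Entries() []AuditEntry { return l.entries }

// NewKey returns a fresh 256-bit key; in production it belongs in a KMS or HSM.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under key with a fresh nonce, binding the object name as AAD.
func Encrypt(key, plaintext []byte, object string) (EncryptedBackup, error) {
	aead, err := newGCM(key)
	if err != nil {
		return EncryptedBackup{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return EncryptedBackup{}, err
	}
	return EncryptedBackup{object, nonce, aead.Seal(nil, nonce, plaintext, []byte(object))}, nil
}

// Decrypt opens a stored backup; a flipped bit anywhere, or a renamed object, fails the tag check.
func Decrypt(key []byte, eb EncryptedBackup) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, eb.Nonce, eb.Ciphertext, []byte(eb.Object))
	if err != nil {
		return nil, errors.New("backup " + eb.Object + " failed integrity check")
	}
	return pt, nil
}

// Restore is the path users go through: every attempt, successful or not, is logged.
func Restore(audit *AuditLog, actor string, key []byte, eb EncryptedBackup) ([]byte, error) {
	pt, err := Decrypt(key, eb)
	audit.Record(actor, "restore", eb.Object, err == nil)
	return pt, err
}

func main() {
	key, _ := NewKey() // demo only: errors are checked inside the functions above
	var audit AuditLog
	// Constructed sample record, not real patient data.
	eb, _ := Encrypt(key, []byte("MRN 000123: office visit (constructed sample)"), "backups/clinic-a/2012-03-01.tar")
	Restore(&audit, "dr.smith", key, eb) // succeeds and is logged
	tampered := eb                       // simulate one byte altered at the provider
	tampered.Ciphertext = append([]byte(nil), eb.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err := Restore(&audit, "dr.smith", key, tampered)
	fmt.Println("tampered copy:", err)
	for _, e := range audit.Entries() {
		fmt.Printf("%s %s %s ok=%v\n", e.When.Format(time.RFC3339), e.Actor, e.Action, e.OK)
	}
}
```

The failure mode is the point to notice: the tampered copy yields no plaintext at all rather than garbage, a blob moved to a different object name is rejected even with the right key, and the failed attempt still appears in the audit log. Key management (rotation, storage in an HSM or KMS) is outside what this snippet shows, but it is also what makes the deletion requirement tractable with a cloud provider: when the customer holds the key, destroying it renders every copy the provider still has unreadable.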

Is your organization bound by HIPAA?

The answer is an obvious “YES!” for organizations that directly provide health care or health insurance, but for companies less directly involved with patient care it can be trickier. In general, if you do business with health care providers or insurers, and especially if you handle any individually identifiable health information on their behalf, you are subject to HIPAA as a business associate. When in doubt, it is always a good idea to seek the advice of a HIPAA compliance expert!

Posted under Blog, Data Protection

About Tim Helming

Tim Helming is Director of Product Management at Symform. Tim has over 12 years of experience in the network security and cloud storage industry. Drawing on direct hands-on experience as a support engineer, as well as extensive customer interaction and market research as a product manager, Tim works with IT administrators, Managed Security Services providers, and security resellers all over the world to drive Symform's product development process. Tim holds a B.A. with Honors from Yale University. When he’s not helping the world safeguard its data, Tim performs classical music around Seattle as a timpanist and percussionist, often on instruments of his own design and construction.
One thought on “HIPAA Compliant Cloud Storage: A Health Information Cheat Sheet”
  1. We are looking for HIPAA compliant cloud storage. Currently we are in testing and development mode. If all goes well, we would like to continue the services.
