The targets are moving again when it comes to helping your customers meet compliance regulations in the healthcare industry. The newest changes to the privacy, security, enforcement and breach rules of the Health Insurance Portability and Accountability Act (HIPAA) are hot off the presses (all 563 pages of them), and that documentation includes regulations for leveraging cloud in healthcare.
According to CloudTimes.org, the updated regulations say cloud services providers with access to any qualified healthcare data are considered “business associates,” and therefore must comply with the Breach Notification Rule. That means both the cloud services provider and the healthcare company it supports are liable for violation of HIPAA rules. That puts new pressure on both vendors and healthcare services providers to take extra caution when dealing with data privacy of healthcare customers, and a lot of pressure on healthcare customers to pick the right IT partners.
For the channel, that means gaining a thorough understanding of how to determine which cloud services providers can and will meet those stringent privacy regulations. No longer will cloud services providers be able to say “we’re not responsible,” at least not if they want to work with healthcare customers. The article goes on to say that, according to the federal government, cloud computing providers must undergo yearly HIPAA audits and have policies and procedures that line up with the HIPAA security guidelines.
It should be interesting to see which providers are willing to jump this hurdle to take advantage of a multibillion-dollar healthcare market … and how they battle it out competitively. For those of you working in healthcare, consider starting your checklist of questions that address the new rules, including proof of HIPAA audits.