How HIPAA Raises the Privacy Bar
Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has regulated health insurance coverage and health care transactions. It is also the main federal arbiter of patient privacy, but until 2009, HIPAA affected hospital procedures more than the IT industry. That's when the HITECH Act of 2009 added technology and financial associates to the list of regulated parties. Then, in 2013, lawmakers added the Final Omnibus Rule, which significantly expanded the act's Protected Health Information (PHI) regulations.
The new rule's provisions allowed HIPAA to catch up with modern technology. It paid special attention to cloud storage, mobile devices and remote technologies that offer new ways to access patient information -- and more opportunities for privacy and security breaches. The trade publication Health Management Technology even estimated that breaches have already affected 20 million people.
When a cloud database administrator or independent IT consultant works directly with PHI, they automatically become a business associate who is subject to the rules -- and penalties -- of HIPAA. Health care providers and their system administrators already know HIPAA regulations well. Title II includes the following rules:
- The Privacy Rule -- gives patients more control over their confidential information
- The Transactions and Code Sets Rule -- keeps transactions standard throughout the industry
- The Security Rule -- updated in 2013 to accommodate new forms of breaches
- The Unique Identifiers Rule -- standardizes and protects the communication between health care providers and insurers
- The Enforcement Rule -- includes harsh penalties for HIPAA violations
For those of us who work with medical and patient data on a daily basis, HIPAA's privacy and security rules directly affect both the hardware and the software that we use to store and send data. According to the U.S. Department of Health & Human Services, everything from DEA numbers to vendor finances and patient identities can be subject to breaches in health care databases.
Cloud computing offers ease of access, reliable backups and more streamlined, standardized communication. However, it must also come with a guarantee that no HIPAA security or privacy violations will occur.
US Signal's Hosted Private Cloud (HPC) is secure, smart, and compliant. With HPC, your data is separate, safe, and in an identifiable location. The environment consists of dedicated compute resources and dedicated storage that are connected to the most robust fiber-optic network in the Midwest. To better help our customers meet the new HIPAA regulations, US Signal contracted an independent auditing firm to examine our institutional policies and procedures to ensure all facilities and practices are HIPAA compliant.
New regulations are always a headache for database administrators, but HIPAA may ultimately spare administrators more headaches than it causes by preventing breaches. We hope that stricter privacy regulations and more defensive systems will emphasize the importance of innovative, up-to-date storage centers and solutions.