5 steps in moving to the cloud
- Do a risk assessment. Determine your privacy and security vulnerabilities in relation to state and federal regulations, and determine how to best meet those statutory obligations.
- Classify your data. Understand which data are protected by HIPAA Privacy and Security Rules. “If [a] buyer doesn’t know what the security requirements are for a specific piece of data compared to other data, it’s difficult to assess whether the provider can provide adequate security,” Heiser said in a recent article.
- Choose carefully. Healthcare organizations should be very surgical in choosing which applications and data they host in the cloud. Given the evolving landscape of cloud risks, a prudent choice would be either not to host applications with PHI storage in the cloud at all or, if you decide to do so, to at least use a private rather than a public cloud solution to reduce your risk profile.
- Review the jurisdictional issues. Cloud providers are subject to multiple legal jurisdictions, based on their location and where the data reside. As one expert put it: “Regulations such as HIPAA, national and regional data privacy laws, and the jurisdiction of law enforcement further complicates the use of commercial public and hybrid cloud solutions.”
- Have a plan for breach notification. This should be part of an organization’s incident response planning, and should cover notification to affected individuals, appropriate regulatory authorities, and the media. The HIPAA Final Omnibus Rule redefined what counts as a notifiable breach, and the plan should be adapted to fit the new meaning.
For most practices, moving into the cloud is a big decision. Sometimes just understanding it is half the battle. The internet is a good place to learn more. For more information on cloud computing, try Google or other internet sites. Doing so will help you make your decision and understand exactly what is involved.