Has the cloud found its moment?
September 20, 2013 in Medical Technology
Long looked upon warily by healthcare security experts, cloud technology could soon find more favor as new rules bring clarity and assign responsibility for privacy protections.
That’s one of the conclusions from a recent study conducted by Porter Research and sponsored by Covisint. The report, “Healthcare Industry Reaches Tipping Point: CIOs Now Demand the Cloud for Shared Savings and Interoperability,” finds increasing confidence in the cloud among healthcare decision-makers, due in large part to the new specifications of the HIPAA Omnibus rule.
“For a long time, the cloud was untrusted on multiple levels — people weren’t familiar with it, they were afraid of the security aspect and, simply stated, it just wasn’t the safe career choice — in other words, nobody got fired for not choosing the cloud in the past,” says Covisint’s Chief Medical Information Officer John Haughton, MD.
“That’s all changing dramatically,” he says.
From a strategic point of view this shift in attitudes is being driven by the Affordable Care Act, says Haughton. “With the advent of accountable care initiatives, providers and payers need a way to share clean, secure private health information throughout the community of care.”
But another big factor has been the protections for providers brought about by the new HIPAA revisions, shifting burdens for liability to healthcare business associates, leaving cloud companies on the hook for keeping patient data secure.
“The HIPAA Omnibus Rule dramatically increased the scope of HIPAA Privacy and Security policy and the enforcement activities supported,” says Haughton. “We see this as a positive development as it helps improve stakeholder trust in the cloud as a mechanism for clean, portable data.”
As of this month, “Business associates, like Covisint, are held to a higher standard, and their liability under the rule is now more similar to the physician’s,” he says.
Among the new changes, business associates are now responsible for their subcontractors; business associates must comply with security and breach notification rules; physicians are liable for the actions of their BAs who are agents, but not for the actions of those BAs that are independent contractors.
Also, says Haughton, “physicians are no longer to report failures of their BAs to the government when termination of the agreement is not feasible, as HHS has concluded that the BA’s direct liability for these violations is sufficient.”
Article source: http://www.healthcareitnews.com/news/has-cloud-found-its-moment