Overcoming Healthcare CIO Challenges with Secure & Scalable HIPAA Hosting

McKesson’s Understanding Your CIO article catalogues a list of statistics derived from surveys, polls and interviews of healthcare CIOs. It’s a very informative snapshot of the position’s latest responsibilities and concerns as the healthcare IT landscape rapidly evolves due to new legislation, vendor response to demands, and the industry’s response to the patient-as-a-user’s needs for information.

Biggest long-term challenges:
Creating an information-driven health system using advanced analytics; building an IT platform for expanded scope of services

High-Capacity HIPAA Cloud

Big data is the big thing nowadays – analyzing and applying the mass amounts of health information collected daily is one way to improve patient care; an important objective not only due to the obvious but also necessary to keep up with the evolving healthcare payment model as it moves away from pay-per-service to patient health improvement.

But supporting all this big data and processes requires a robust IT system – one solution is a high-capacity HIPAA cloud; ideal for massive storage or synchronization. The cloud is highly scalable and grows with changing storage requirements. If outsourced, ask your HIPAA cloud provider if they also provide IT disaster recovery, a HIPAA requirement.

As for building an IT platform for an expanded scope of services, the Deloitte survey on Health System Chief Information Officers: Juggling Responsibilities, Managing Expectations, Building the Future reports that non-traditional settings introduce new challenges to integrating a seamless delivery network. Employees working remotely or patient data reporting remotely from in-home monitoring devices require certain security tools to secure electronic protected health information (ePHI).

Two-Factor Authentication

Two-Factor Authentication

Two-factor authentication for VPN (Virtual Private Network) access is one way to protect against unauthorized access for healthcare employees that connect to their networks from a remote, or non-traditional location via a mobile device. Encryption of stored, in-transit and at-rest data is another way to guard against a data breach in the event of a lost device or hacked system, although ePHI should never be stored locally and only on secure servers located in a HIPAA compliant facility (read below). Read this Mobile Security white paper for more on device and application security.

Biggest near-term challenges:
Navigating the regulatory environment, including meeting the government’s “meaningful use” criteria to obtain IT incentive payments; and continuing foundational groundwork like updating and optimizing existing IT systems, billing compliance and securing personal health information

The regulatory environment also translates to complying with HIPAA standards. Measuring your organization’s security practices against the Office for Civil Rights (OCR) Audit Program Protocol can ensure your operations meet the auditing standards set by the very governing body of HIPAA. View all 169 criteria spanning the HIPAA Security, Privacy and Breach Rules on the HHS.gov site (see below).

Outsourcing your IT infrastructure hosting needs to a HIPAA compliant hosting provider is one way to lock down compliance in one area of your organization. While partnering with a compliant vendor does not automatically make your organization fully compliant, it can help alleviate the process if they can provide an audit report and secure services to allow you to focus on other aspects of your company’s compliance needs.

One way to secure personal health information is to keep it off of local devices and in HIPAA compliant data centers that have the proper physical, network and data security and supported by trained staff. A high availability infrastructure allows for no downtime and always available healthcare applications and data.

Data security must be addressed when implementing technology to meet Stage 2 Meaningful Use standards. One requirement is to provide a way for patients to view, download and request services from providers. Although patient portals provide an ease of access, they also provide another point of entry that can compromise data privacy. Join the discussion in our upcoming webinar, Security and Privacy Concerns with Patient Portals, and submit your questions in advance.

References:
Understanding Your CIO
Health System Chief Information Officers: Juggling Responsibilities, Managing Expectations, Building the Future (PDF)

Related Articles:
Precautions with the HIPAA Cloud for Healthcare Software as a Service (SaaS) Companies
A recent Google search brought me to a health IT blog, Life as a Healthcare CIO, and the post entitled The Reality of SaaS. The author discusses whether or not SaaS/cloud computing is appropriate for EHR (electronic health record) hosting … Continue reading →

Liveblogging HIMSS 13: Mobile Devices: The Legal Landscape and Adopting Appropriate Policies
Online Tech is exhibiting our HIPAA hosting solutions, including HIPAA compliant clouds, for the healthcare industry at HIMSS 13 in New Orleans this year! Tune into our Twitter and follow our blog for updates on the latest HIMSS 13 news. … Continue reading →

Final HIPAA Omnibus Rule: Business Associate Agreements & Roadmap to Compliance
In addition to redefining business associates (BAs) and including subcontractors in the scope of liability, the final HIPAA omnibus rule has prompted the release of a new sample business associate agreement by the Dept. of Health and Human Services (HHS). … Continue reading →

facebooktwittergoogle_pluspinterestlinkedinmail
This entry was posted in Cloud Computing, HIPAA Compliance, Mobile Security and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

* Copy This Password *

* Type Or Paste Password Here *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>