With the rise of cloud computing, it was inevitable that it would make its way into healthcare IT as well.
If you haven’t heard of cloud computing, here’s how it works: instead of being stored on your own computers, patient records are stored “on the cloud”, that is, an array of high-end servers hosted by a vendor. You access files just like you would on your own computer. The only difference is that instead of pulling a file from a server in the back office, the file comes from a huge server located somewhere else. You pay a monthly fee for the service.
Cloud computing offers several benefits to clinics: lower operating costs, more security, and no need for high-priced servers. However, thanks to HIPPA laws there are some unique security concerns that come with cloud computing. According to a recent article published in Information Week Healthcare,
“…the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules do not specify whether a provider using a cloud-based EHR owns data in the medical records or if the information belongs to the service host.”
Since cloud computing is relatively new, many physicians are unclear how to safely manage their patient information and stay in accordance to HIPPA regulations. The experts quoted in Information Week have some great tips:
1. Before you sign a contract with any EHR vendor (those offering cloud-computing options), make sure you know without a doubt who’s legal responsibility it is if there’s a breach.
2. Make sure you know whether or not your information will be sequestered if there is a breach, and whether or not there will be a clear audit trail.
3. Ask your vendor to create an audit log for you twice a year, just to make sure it can be done.
4. If any vendor refuses to perform a security audit, or drags their feet doing it, walk away from them. You want to work with a vendor willing to offer complete transparency.
Without a doubt, cloud computing can offer hospitals and clinics freedom from many expenses and headaches that come with hosting all this patient data. However, with this new technology come a whole host of security problems that lawmakers haven’t even begun to address yet. If you and your clinic decide to go with cloud computing for your EHR, make sure you always have an audit trail to follow.