MSPs: Get On Board with the HIPAA Omnibus Rule
In recent times, the healthcare industry has witnessed some of the most significant technological breakthroughs in its history. Advancements in telemedicine, electronic health records and mobile health are allowing practitioners to provide even better services to patients. With the rise in medical technology comes the need to find continuity with mainstream cloud computing and cloud-based file sharing services. In fact, health organizations are moving to the cloud in droves, using it to drive down costs while improving the quality of services delivered.
However, as healthcare is one of the most regulated industries out there, cloud-based services need to make sure they have the required security protocols in place before they approach prospective clients. If you’re wondering why, look no further than the surge of cyber-attacks the healthcare industry has experienced in the past few years.
Inadequate security preparations causing grievous harm to healthcare
An annual healthcare privacy and security study on 90 Covered Entities (CEs) and 88 Business Associates (BAs), conducted by Ponemon, revealed there has been a 125 percent increase in criminal activity in healthcare organizations since 2010.
The results of the study are shocking, to say the least. Data breaches alone could account for losses of up to $6 billion in healthcare revenue, while the average cost of a data breach for an organization stands at $2.1 million.
45 percent of CEs reported criminal attacks as the number one cause of a data breach in their organization, and 12 percent cited malicious insiders as the primary reason for their losses.
39 percent of BAs said that criminal attacks were their greatest concern, while 10 percent reported malicious insiders to be their most pressing threat vis-à-vis data breaches.
“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks,” says Dr. Larry Ponemon, founder and chairman of Ponemon Institute.
Even though healthcare providers are beginning to make investments in security, only 49 percent of CEs stated they have adequate technologies in place to prevent data loss.
Cloud can help healthcare prevent data losses
As cloud services utilize sophisticated security features, an MSP offering cloud-based file sharing can not only help a healthcare organization lower its infrastructure costs, but also offer it readily available data security.
If you are interested in adding healthcare organizations to your portfolio, your cloud infrastructure must be HIPAA compliant. The Health Insurance Portability and Accountability Act sets certain criteria with regard to how patient data should be kept and handled.
In fact, a new addition to HIPAA, called the Omnibus rule, even brings cloud services into the legislation. An excerpt from the act reads:
“Document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”
To demonstrate that you have the required control protocols in place, you must undertake annual independent audits against the requirements laid down by the Office of Civil Rights (OCR) HIPAA Audit Protocols. The audit must be conducted by a reputable third party and should cover all of the 169 requirements laid down by HIPAA law.
Next, when you approach a health organization, you will be required to sign a Business Associate Agreement (BAA) with them before you shift their data to your network. The BAA will specify what you will do for the CE, and how you will manage the information you are entrusted with.
Finally, it is also highly recommended that you have a dedicated person responsible for keeping your cloud-based file sharing service’s processes and protocols aligned with HIPAA compliance.