New Account | Sign In

HIPAA Compliance and the Cloud

Are you properly utilizing the cloud to store sensitive data?

Continue to provide wonderful services to your customers!
—Mobile Health Patient
HIPAA Compliance and The Cloud

The recent widespread adoption of cloud computing is revolutionary, but it doesn’t come without its share of complications. When electronic protected health information is involved, it’s imperative to know that security will never be compromised. Some cloud storage services, such as Dropbox and iCloud, are not HIPAA compliant. Dropbox retains metadata, which could include identifying information, and neither offers an option to sign into a Business Associate Agreement (BAA).

While services like Microsoft Office 365 and Google Drive are willing to enter into BAA’s, the large amount of sensitive patient data stored in, for example, a spreadsheet is susceptible to inappropriate access. A single user, in this case, would be able to access thousands of records, while only requiring access to a specified few. Additionally, the ability to synchronize entire folders across several devices renders the security of information ineffective in the event of a stolen or compromised device. The theft of just two unencrypted laptops last year resulted in a breach of 729,000 health records. In fact, physical theft accounted for over half of all breaches where 500 or more records were compromised.

The solution to reconciling the open, unrestricted nature of the cloud with sensitive health records lies in structured data. With a structured data set, businesses can ensure that each health record is only accessed by individuals with the proper permissions. This stands in clear contrast to file sharing, the basis upon which most cloud solutions operate. Files are downloaded locally, and become difficult to properly audit and secure.

Mobile Health’s proprietary web-based client portal takes into account the necessary precautions for cloud-based HIPAA compliance. The client portal is an electronic health records system that meets and exceeds all HIPAA regulations. This includes SSL-secured 256-bit encryption of:

  • Client Information
  • Correspondence
  • Databases

Furthermore, it utilizes a permission-based user design, which restricts each user account to only the data they are given access to.  You can assign custom permissions across four types of data:

  • Scheduling
  • Billing & Invoice
  • Medical Information
  • Background Checks

For instance, you can assign access to invoices for billing and coding specialists, while reserving the ability to view pre-employment screening schedules and medical information for recruiters. Within each category are more specific options, such as the “red code” for medical information, which you may only allow supervisors to view. The knowledge that your sensitive data is secure and only accessed within a set of clearly-defined borders goes a long way in establishing peace of mind in the new cloud-computing landscape.

Visit the Mobile Health Advantage page for more information.

Posted May 29, 2014 in Mobile Health Advantage
Tags: , ,


Recent Posts
Tags
alert Annuals background check back to work COVID-19 COVID-19 test COVID-19 testing COVID-19 Vaccine Administration CT Digital Medical Records dot Drug screens drug test employee physical employee screening flu health Home Care home health infographic Locations Medical Staffing meet the staff Mobile Health Advantage New Jersey New York NJ NOL NY Occupational Health Occupational Health Solutions pandemic ppd press release Respirator Fit Test Return to Work RFT TB testing Technology titer tuberculosis Wage Parity Wage Parity Clarity wellness Winning the Placement Race