Legal Ramifications Involving HIPAA Compliant Cloud Hosting Solutions

Healthcare companies have been some of the earliest adopters of cloud storage. Cloud storage costs much less than traditional storage solutions, and many cloud storage providers advertise that their products are HIPAA compliant. This can be misleading because there is no special certification for being HIPAA compliant. Instead, a company can operate within the guidelines provided by HIPAA. One thing healthcare companies are probably already aware of is that they share some responsibility with the storage provider should a data leak occur.

A survey conducted by the Ponemon Institute shows that 45% of technology and security firms agree that cloud file storage is one of the most imminent threats to patient data being leaked. This hasn’t spooked too many IT departments within healthcare companies because this industry has adopted the cloud much more quickly than other industries.

Pennell Stiven is an attorney at Dykema Gossett PLLC. He recently spoke at the mHealth Summit that took place in National Harbor, Maryland. In his presentation, he noted that “HIPAA compliance is not an official government certification. It just means you follow the rules.” As the presentation went on, he also said, “Because something’s HIPAA compliant doesn’t mean it’s secure.”

Stiven also reminded the attendees that “Statistically, 80 percent of businesses that have been around for less than five years fail.” Across the spectrum of cloud storage offerings, many cloud providers could fall victim to this statistic. The biggest question IT professionals must ask themselves is, “What happens after that?” Stiven answered this question by saying, “If you’re dealing with one of those companies, you better have a backup plan.”

Extracting data from a defunct provider can prove to be a challenge in itself. To avoid the legal ramifications involved with cloud storage, IT professionals in the healthcare industry are advised to create a backup plan and act out disaster recovery scenarios that include the failure of a cloud storage provider, so that they are prepared for the worst-case scenario.