Most health care organizations are desperate to cut costs, which should naturally lead them to rely more on cloud computing services provided by third-party providers. In reality, however, hardly any health care organizations are taking advantage of cloud computing services for fear of violating the privacy and security regulations as codified in the Health Insurance Portability and Accountability Act (HIPAA).
According to Dr. Peter Tippett, chief medical officer and vice president of the health IT practice at Verizon, because HIPAA is not particularly prescriptive when it comes to creating specific levels of privacy and security, most organizations are left to their own devices when it comes to interpreting what the act will allow as it relates to cloud computing. For the most part, Dr. Tippett says health care organizations have decided that cloud computing lays outside the bounds of what’s allowed under HIPAA.
To address that specific challenge, Verizon today announced that it will provide each health care organization it works with with a HIPAA Business Associate Agreement, which certifies that the data centers managed by the Terremark cloud computing unit of Verizon comply with HIPAA. Dr. Tippett says Verizon is essentially trying to take HIPAA compliance off the table as an issue when it comes to cloud computing in the health care sector. Verizon will assume all the liability associated with any potential breach of its data centers.
The expectation, says Dr. Tibbet, is that by assuming this liability, many more health care organizations that are typically restrained when it comes to IT budgets will embrace cloud computing services. Of course, there are a variety of issues associated with cloud computing that may continue to slow adoption, but increasingly it’s starting to look like the most spurious of them all is security. In reality, most data centers managed by cloud service providers are far more secure than anything an internal IT organization has the budget or expertise to do on its own; a fact that unfortunately is all too apparent in the health care sector.
A cloud service provider may not always be the least expensive option, but as Dr. Tippett notes, when forced to make a choice, health care providers tend to prefer to invest in medical devices rather than IT infrastructure. Concerns over security and privacy issues, however, have limited the number of health care organizations that were willing to try to reduce IT infrastructure costs by making greater use of cloud computing. Fortunately, it looks like now those organizations can at the very least more comfortably keep their options open.