Is Patient Data in the Cloud Keeping You Up at Night?
Cloud adoption across the healthcare industry is growing, but not without worry for organizations handling sensitive electronic protected health information (ePHI). According to the June 2014 HIMSS Analytics Cloud Survey, 80 percent of healthcare organization respondents reported that they currently use cloud services. For those resistant to moving to the cloud, security concerns was cited as a primary barrier.
The security concern is very real, especially in the healthcare industry where advancements and regulations continue to evolve at a rapid pace. The Ponemon Institute’s latest 2014 figures show that the average cost of a data breach to a company was $3.5 million, a figure that’s 15 percent more than what it cost last year, and doesn’t even factor in the brand and reputation damage that is caused, which is arguably even more impactful.
Originally passed in 1996, HIPAA was put in place to address this challenge and establish national standards to protect individuals’ medical records and other personal health information. Strengthened in 2013 with the addition of the Omnibus Rule, HIPAA today now has some serious teeth.
The cost of non-compliance and exposure of ePHI data goes beyond loss of trust; penalties can cost organizations hefty fines. In 2014, New York Presbyterian and Columbia University were slapped with the highest monetary payment to date of $4.8M following a 2010 joint breach report regarding the disclosure of the ePHI of 6,800 individuals, including patient status, laboratory results, vital signs, and medications, among other violations.
But achieving and maintaining compliance is not easily done. Healthcare entities need to make sure their cloud service providers are operating environments that meet the strict requirements of HIPAA, HITECH and other laws that apply to healthcare organizations. Under HIPAA, for example, healthcare providers can store protected health information in the cloud themselves or must be confident that the cloud service provider is committed to protecting information with at least the same diligence they would be obligated to exercise as if they were doing it themselves.
Carpathia knows the ins and outs of these stringent regulations well and has been delivering compliant managed hosting services, multi-tenant and private cloud solutions, and compliant colocation to healthcare organizations for over a decade. Coming off the heels of our Continuous Assurance Platform launch, Carpathia is further expanding its suite of healthcare industry-focused solutions today with the introduction of its beta program for Healthcare Community Cloud Service (HCCS).
HCCS is Carpathia’s latest Infrastructure-as-a-Service (IaaS) solution that offers healthcare providers and affiliated service companies instant access to a compliant and scalable cloud infrastructure purpose-built to manage risk and ensure compliance with HIPAA and HITECH regulations.
Carpathia’s HCCS beta program is now officially open. If your organization is interested in applying, you can find more information about the program here. You can also read more about the solution, key benefits and who qualifies for enrollment in today’s press release.