The Impact of HITECH & HIPAA on Data Centers

April 27, 2012

Our HIPAA hosting and HIPAA compliant data center white paper provides a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria. Section 2.0 discusses the impact of HITECH and HIPAA on data centers:

Protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI) is the essence of the HIPAA Security Rule [1]. Since data centers typically store, transmit, or process ePHI, they must comply with the HITECH standards and citations to meet HIPAA compliance. The same risk analysis, administrative safeguards, physical safeguards, technical safeguards, and ongoing due diligence apply just as much in the data center as in a provider’s facility.

While there is some debate about the responsibilities of business associates for the protection of ePHI, all indications point toward business associates being held as responsible as covered entities. Consider the latest notice of proposed rulemaking that speaks to the extension of responsibilities from covered entities to business associates:

As with the Privacy Rule, the Security Rule requires covered entities to have contracts or other arrangements in place with their business associates that provide satisfactory assurances that the business associates will appropriately safeguard the electronic protected health information they receive, create, maintain, or transmit on behalf of the covered entities.

Moreover, both covered entities and business associates should bear in mind that prosecution by the Office of Civil Rights (OCR) under HITECH is not the only legal concern. The last year has witnessed an increase in state and consumer lawsuits against both covered entities and business associates. In January 2012, the Minnesota Attorney General filed a lawsuit against Accretive Health for failing to protect the confidentiality of over 23,000 patient healthcare records.


The safest and most diligent practice to protect ePHI is to ensure that the same policies, risk management, safeguards, and ongoing compliance governance standards are followed no matter where ePHI resides. This means that data centers, whether in-house or outsourced, need to fully embrace complete responsibility for ePHI.

In the areas of administrative safeguards, such as ongoing HIPAA awareness and training for all employees, healthcare providers tend to be stronger. In the areas of technical safeguards and PHI availability, professional data center companies that invest extensively in redundant facility infrastructure and security may be the safer bet.

Ideally, either a healthcare provider would have infinite resources to build and maintain multiple, high-availability data centers, or a data center hosting business associate would have a thorough understanding of HIPAA compliance, including HIPAA security risk analysis and management, policies, training of all employees, and ongoing HIPAA compliance audits. While both ideals exist, they are in the minority.

In these cases, the weighing of the pros and cons falls back to the risk analysis and management to choose the best option that will maintain ePHI confidentiality, integrity, and availability.


Read more in our free HIPAA Compliant Data Centers white paper – download it today!

References:
HIPAA Security Series: Basics of Risk Analysis and Risk Management (PDF)
U.S. Dept. of Health and Human Services, Federal Register Part II
Attorney General Swanson Sues Accretive Health for Patient Privacy Violations
