Year in Review: Healthcare Events and Webinars of 2012

A lot has changed in the healthcare cloud computing space in the last few years, so we’ve gathered our best resources to keep you in the know

HIMSS ‘12

The healthcare IT HIMSS ’12 conference was full of great educational sessions and presentations from industry leaders and health IT professionals. One presentation with speakers native to our home-base of Michigan was called Navigating the Cloud: Risk and Protections for Healthcare Data, which outlined a few key points when it comes to choosing a cloud vendor in the healthcare industry.

Presentors:

• Margaret Marchak of the University of Michigan Health System Legal Office, Ann Arbor, MIs
• Melissa Markey of Hall Render Killian Heath & Lyman, Troy, MI

Discussing the benefits of cloud computing in healthcare, privacy and security risks when healthcare data is stored in the cloud and the contracts and due diligence required to protect PHI were key learning objectives, according to the slideshow.

After defining RFP’s in cloud computing, they moved on to “picking the vendor” and listed a few factors a covered entity should consider when choosing a long-term, HIPAA compliant cloud vendor:

• The type of cloud – public, private or hybrid.
• Length of time in business and service record.
• Willing to contractually commit to acceptable performance terms.

The presentation goes on to a covered entity’s due diligence on choosing a vendor – what should you check when choosing a HIPAA compliant cloud provider?

• Is it a large company, or a small start-up leasing space on a bigger company’s network? This is key when choosing a vendor, as many HIPAA compliant data centers, or those that claim to be, often do not actually own and operate their own data centers. Online Tech owns and operates all of our data centers and we have been independently audited (and found 100% compliant) for HIPAA compliance.
• Financial stability and track record. Check for references and case studies of proven client success in the healthcare field.
• Insurance; assets and recoverability. By this, I would assume the speakers are referring to PHI data breach insurance, which can cover costs of litigation and other losses incurred as a result of a data breach. By recoverability, they may also be referring to costs, but PHI recoverability can refer to a separate issue that healthcare companies should consider – in the event of a disaster, how quickly and accurately can they recover their data? Investing in a HIPAA compliant disaster recovery solution for the cloud and offsite backup can recover data and applications in a matter of hours as opposed to weeks or months using traditional disaster recovery methods.
• Policies and procedures. An important part of compliance is evidence of a formally documented set of policies and procedures custom to your HIPAA cloud vendor. These should include documentation of physical, logical, network and technical security safeguards as well as day-to-day security operations implemented as part of employee training.

If you’re looking for other resources about HIPAA compliant clouds, try reading this article about high-capacity compliant clouds and why they’re ideal for healthcare data storage and PHI high availability.

Managed Care Outlook: Cloud Computing for Healthcare

Recently, Managed Care Outlook: The Insider’s Business Briefing on Managed Healthcare featured an interview by Attorney Tatiana Melnik of Dickinson Wright with April Sage, Online Tech Director of Healthcare Vertical and Marketing, titled Health Care Moving to the Clouds. 

The article discusses the benefits, privacy and security issues concerning cloud computing and healthcare, especially when it comes to adhering to HIPAA compliance (Health Insurance Portability and Accountability Act) while using the services of a cloud provider.

Here’s an excerpt from the opening overview of cloud computing, written by Tatiana Melnik (frequent Online Tech webinar guest speaker):

“For the past few years, the new buzzword in computing has been “cloud computing,” with its promise to generate tremendous cost savings for businesses by, for example, minimizing the need to anticipate hardware, bandwidth, and other technology needs in the annual budget because, “in the cloud,” businesses pay as they go.

With the tremendous cost pressures in health care resulting from an aging population, a shortage in personnel, a downturn in the economy, and an overall consensus that health care is simply “costing too much,” health care companies have not been deaf to the buzz.

While health care business leaders desire to cut costs, they are also concerned about the privacy and security risks posed by cloud computing. In this column, I discuss cloud computing and health care with April Sage from Online Tech, Inc., a cloud computing service provider.”

Our Top Articles of the Year

Google Analytics is your best friend to find the top trending topics of your blog or website – so I thought I’d share a bit of the gold with everyone to help guide them through. Ease your data center audit and cloud computing concerns (they can be harrowing, I know) and learn a thing or two from our expertly written and researched articles receiving top hits in 2012:

SAS 70, SSAE 16, SOC 2 and SOC 3 Data Center Standards
Online Tech’s Co-CEO Mike Klein makes a thorough analysis of the evolving auditing standards for data centers, including what each standard measures, and why SOC 2 provides what was missing in the previous SAS 70 and SSAE 16 audits.

SOC 1, SOC 2 & SOC 3 Report Comparison
Now that you know the data center auditing standard SOC has replaced SAS 70 and SSAE 16, why are there three different reports (aptly named SOC 1, 2 and 3)? Read and learn from our handy chart on what each standard reports on and who uses it.

The Six Benefits of Cloud Computing
Mike Klein outlines the benefits of cloud computing for businesses, including lower costs, capex (capital expense) free computing, faster deployment and more.

2011 HIPAA Audits and Violations
Chronicling the types of healthcare data breaches and the initial pilot audit program launched by the U.S. Department of Health & Human Resources, check out these infographics to learn about examples of HIPAA violations in 2011 and what to avoid. A more updated version can be found in 2012 HIPAA Violations and Audits.

What’s in a Business Associate Agreement?
Also known as a BAA, get a high-level overview list of the provisions included in a contractual agreement between a covered entity (a healthcare organization that stores, processes or transmits protected health information) and business associate (the vendor that provides a service for the covered entity).

2012 Health IT Spending & Trends
Cloud computing was slated as a major tech investment for 2012, with 50 percent of IT budgets being allocated to the initiative. With the total clinical healthcare IT market projected to grow from $7.4 billion to nearly $17.5 billion in 2016, it’s a good idea to keep up with tech spending trends to inform your own business.

2011 Cloud & IT Disaster Recovery Statistics
Find out what size companies are avid cloud adopters, and the average downtime of companies that have gone to the cloud – making a good case for cloud-based disaster recovery. When it comes to data storage, find out why disaster recovery or backup, increased IT costs and other business drivers induce cloud decisions.

Encrypting Data to Meet HIPAA Compliance
Far too many a data breach/HIPAA violation has been due to lack of encryption. While addressable in the HIPAA Security Rule, it’s just a best practice for any company concerned with data security. Get a comprehensive list of top industry encryption tips from this article.