The American Medical Association is helping doctors make the transition to online data storage.

Group offers help to doctors navigating new data storage requirements

Stephen Perkins

Dentists, physicians and other medical professionals may benefit from recently published documents that are intended to help them find their way through the online data backup rules mandated by the updated Health Insurance Portability and Accountability Act.

The new regulations take effect Sept. 23 and require healthcare providers to transfer patient data to a cloud backup service. They also increase penalties for data breaches and raise fines for compliance violations.

The guide for physicians published by the American Medical Association includes a summary and explanation of the revised rule, which covers online data backup encryption requirements for patient information. It also features templates for several required documents, including revised patient privacy notices and agreements with third-party data storage providers.

"Understanding the implications of the modified privacy rule can be daunting for busy physician practices," Dr. Ardis Dee Hoven, president of the AMA, said in a press release. "The AMA stands ready with expert resources and effective tips that will help physicians meet the new requirements for protecting highly sensitive patient information as more data becomes digitalized."

Shifting to cloud backup can be a daunting process for any business, and the mandated deadline for medical professionals to make the change increases anxiety for healthcare providers. The guidelines from the AMA can provide some clarity for those who are still unsure of what is expected of them.

Following the rules
The updated HIPAA rules specifically classify cloud backup providers as business associates, which means that they have to share the responsibility for any data breaches. Previously, penalties only applied to healthcare providers, insurance companies and other parties defined as primary handlers of patient data, HighCloud Security founder Steve Pate wrote in ComputerWorld.

Healthcare professionals can make sure that their data backup provider is capable of complying with the regulations through an independent audit. They can also maximize their data security by making sure that there are no holes in their security infrastructure and by ensuring that patient data is encrypted. Rendering data unreadable by anyone who does not possess the encryption keys can help healthcare providers avoid an investigation.

"The new Omnibus standard dictates that a breach of 'unsecured' protected health information must be reported unless the covered entity or business associate (using a multi-factor risk assessment) determines that there is a low probability that the PHI has been compromised by unauthorized use or disclosure," Pate wrote.
