Data backup companies will soon share responsibility for patient records stored in the cloud.

HIPAA changes relationship between healthcare providers, cloud backup companies

Stephen Perkins

Online data backup providers are seeing an increase in inquiries from potential customers as the compliance deadline for the updated Health Insurance Portability and Accountability Act draws nearer, and the new rules promise to change the way that offsite backup companies interact with healthcare professionals.

Healthcare providers have until Sept. 23 to transition their patient records to a cloud backup service or face fines that could potentially reach $1.5 million. The law is meant to make it easier to transfer patient records to new healthcare providers and to augment security by taking the records out of offices, mandating that doctors, dentists and other medical professionals transition to online data storage.

"We couldn't really have those conversations before the omnibus rule came out," Verizon solutions architect Chris Davis said in an InformationWeek interview. "Now everybody's on the same page. We're forced to talk the same language, with the same requirements, with the same purpose."

One significant aspect of the rule change is a mandate that if patient data is compromised, both the healthcare provider and the data storage company can be subject to penalties. The rule change does not relieve the healthcare firm of responsibility, but it does encourage better security by extending compliance requirements to the backup service provider. Previously, the healthcare provider had to bear the brunt of penalties for data breaches.

"But cloud computing changes the dynamics of this a little bit," Savvis security strategist Ed Moyle wrote in TechNewsWorld. "Why? Because in a cloud computing scenario, most security activities occur in partnership between vendor and client – in other words, while ultimate responsibility for compliance always resides at the covered entity, the actual implementation of certain operational aspects of security occur at the business associate cloud provider."
