Information on the human genome may be better protected  if stored in the cloud.

HIPAA data protection rules could have positive impact on information security

Stephen Perkins

The use of cloud-based services as mandated by the Health Information Technology for Economic and Clinical Health Act of 2009 can reduce the dangers of noncompliance violations for storing information related to the human genome, DNAnexus Chief Compliance Officer Lee Bendekgey wrote for Healthcare IT News.

The act amended the Health Insurance Portability and Accountability Act of 1996 to protect individually identifiable health information and went into effect in 2009. The possibility that genetic data stored in a remote data backup could be associated with a given individual may give organizations that handle such material in their databases an impetus to treat it as personal health information.

"Entities that are obligated to comply with HIPAA are often particularly concerned with the obligation to report HIPAA breaches and the associated potential harm to their reputations," Bendekgey wrote. "These reporting obligations create powerful incentives for organizations to implement systems and processes to reduce risk."

Out of 21 million health record data breaches that have been reported under the law since 2009, only about 8 percent resulted from hacking, according to Bendekgey. Most of the breaches were via the theft or loss of IT equipment containing unencrypted data. By using a data management system that only stores information in the cloud, the risk of theft stolen is reduced because only the personal health information being viewed at any time is on the computer, while the rest is stored securely offsite.

In addition to requiring notification of data breaches, the law also calls for providers to encrypt data and perform a risk analysis to find security gaps, according to InsideCounsel. These requirements provide additional security to genetic information stored in the cloud. Rigid enforcement of encryption requirements provides another layer of protection for offsite backup because a hacker would need to have an encryption key for the data to have any value, while the analysis can help a cloud service provider fix problems before a data breach occurs.

Categories: Cloud Backup, Data Protection, Online Backup