HIPAA, Cloud Storage, and Your Dental Practice

Clouds are no longer only thunderclouds, snow clouds, or the shapes you look for in the sky on a lazy summer day. Is that a dragon or a dinosaur? The cloud is now everywhere – on your phone, on TV commercials, in magazines, and, if you read IT pubs, a topic for the last fifteen years.

The cloud is a simple concept – you’re renting a service (application, storage, etc.) on a server that you don’t own or control. For most of you reading this, cloud services will be hosted outside of your office, but larger companies have cloud services inside their company. It can become complicated, and I digress.

It’s also not a new concept, as I alluded to above. Cloud services have been working to help businesses of all kinds enhance their IT for over a decade.

The most important thing to remember about the cloud today is this: it’s simply another option to deliver IT services to your business.

Cloud storage can be HIPAA-compliant, and more secure – and your patient data NEEDS to be secure (review our post last year on potential HIPAA penalties to remind yourself why).

4 Benefits to Business From the Cloud

Before getting into the HIPAA aspect of this, I wanted to share four benefits of the cloud. These are general benefits, but all apply to storage too.
  1. For SMBs, cloud services allow you to possess Fortune 2000-class IT capabilities without needing a Fortune 2000 IT budget.
  2. Increase your storage capacity with a single phone call. Cloud services vary in complexity depending on your needs, but you can begin using cloud services in days as opposed to months.
  3. Information technology is complex. You focus on root canals and finding a better-tasting fluoride option; we’ll focus on supporting your practice with IT.
  4. No more patching and updating products. Your IT infrastructure is patched and kept up to date without you even noticing, allowing you to focus on more important tasks.

I didn’t include decreased cost in the list of benefits (which most cloud service providers will boast of) because it’s not necessarily true. It is often true that many basic cloud-based IT services – such as adding simple storage, basic collaboration, or basic application hosting – are less expensive than on-premises solutions. However, as cloud services become more complex, you add more seats, or you need to integrate cloud services tightly with in-house systems (a customer database, for example), the cost in dollars can be similar to what you’d pay for in-house IT.

HIPAA Compliance and the Cloud

“Why worry about any of this? It’s a hassle; paper medical records are good enough for me,” you might be thinking. Setting aside the productivity, sharing (when needed), and redundancy benefits of storing data in the cloud, stolen or misplaced paper documents remain a top 3 source of protected health information data breaches and theft. Paper is not inherently more secure than digital information.

You are always responsible for your own data and information, so it’s important that you’re sure of your cloud partner’s HIPAA compliance bona fides. One common misunderstanding concerns ownership of information stored in the cloud: even when information is stored outside of your office, you still own your data. You outsource storage and management of that information, but the information is yours.

Here are four factors that you need to look for in your cloud partner:
  1. Cloud service providers come in many different flavors; look for a company that understands the needs of dental practices and healthcare privacy requirements.
  2. All protected health information (PHI) must be encrypted in the cloud (at rest) and during transmission (in flight) to be HIPAA-compliant. Do they have this technical capability?
  3. Cloud providers that are HIPAA-compliant will offer a Business Associate Agreement (BAA) to safeguard PHI. If your cloud provider doesn’t offer this, they aren’t compliant.
  4. Some state requirements supersede HIPAA; be aware of those. Partners that understand these differences can smooth the transition to cloud storage of your HIPAA-compliant records.

The cloud isn’t less safe than in-house IT or paper documents. In most cases, it’s actually safer. Add in the additional benefits listed above, and the decision to at least investigate a cloud service provider’s offering becomes a no-brainer.

If you want to see how your practice stacks up, check out the free security risk assessment tool at HealthIT.gov.

