Welcome!

Virtualization Authors: Pat Romanski, Yeshim Deniz, Sharon Barkai, Elizabeth White, Liz McMillan

Blog Feed Post

HIPAA and Encryption Lower the Cost of Healthcare

how to be HIPAA compliant HIPAA Compliance HIPAA Cloud HIPAA Cloud Encryption  electronic health reporter HIPAA and Encryption Lower the Cost of HealthcareAdd to the list of known certainties: death, taxes, and the need to lower the cost of healthcare.

Neither HIPAA standards nor encryption were created with the purpose of lowering the cost of healthcare, but neither was penicillin originally purposed as an antibiotic. Both welcome side effects in the world of medicine.

Cloud Computing and Healthcare

Healthcare and medical companies are migrating to cloud computing in record numbers. The cloud offers flexibility and scalability to manage ever-growing databases of patient records. At the same time, it offers mobility to enable care providers to access patient information remotely and shareability to share data with colleagues, specialists, and labs. The cloud, perhaps most importantly, enables cost reduction on several levels.

  • It eliminates the need healthcare organization have to purchase, maintain, upgrade, and replace costly computing equipment and staff.
  • It saves costs of multiple providers running multiple tests by enabling them to share and track the results.
  • It saves time and money by enabling paperless transmission of prescriptions and insurance claims. It also increases the accuracy of reimbursement coding.

Now, HIPAA omnibus and the American Recovery and Reinvestment Act (ARRA) requirements stipulate everyone in the healthcare industry begin migrating patient records and other data to cloud computing. Essentially, by 2015, all medical professionals with access to patient records must utilize electronic medical and health records (EMR and EHR), or face penalties.

 

The North American healthcare cloud computing market is expected to grow to nearly $6.5 billion by 2018.[1] [2] Healthcare Financial Management recently reported that savings benefits of EMRs/EHRs can amount to upwards of $37 million over a five-year period.

These are big numbers and big savings for healthcare.

HIPAA Standards and Encryption

HIPAA advises us to encrypt our e-PHI, whether at rest or in motion, whenever it is “reasonable and appropriate” to do so. And, especially in the cloud, it is fair to say that it is always “reasonable and appropriate” to encrypt Personal Health Information.[3]

What encryption of ePHI aims to resolve, essentially, is breaches of patient data.

And, it is succeeding!

A  Ponemon Institute study recently found that healthcare data breaches declined in both number and size in 2013, which is great news because data breaches cost healthcare organizations $5.6 billion annually.

To enable organizations to both protect e-PHI and lower the overall cost of healthcare, the Secretary of Health and Human Services published guidance on “technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals.” The guidance emphasizes that data encryption is not only a best practice for protecting privacy and security – it also provides a safe harbor to the organization in case of data loss.

By using accepted HIPAA encryption techniques, companies can mitigate risks and reduce their exposure to costly data breaches, thereby reducing the cost of healthcare.

Encryption Key Management for HIPAA Compliance

In the cloud, security and privacy concerns amass. Experts agree that while encryption is a critical component of a cloud security policy, it is not sufficient. To fully protect e-PHI in cloud computing scenarios, encryption keys must be managed in a way that is secure, automated, and constantly remains at the sole ownership and discretion of the covered entity or their business associate.

That is, encryption keys absolutely cannot be stored alongside encrypted data or visible to (much less, managed by) a cloud provider or other third party. An accepted best practice for encryption key management and HIPAA compliance is split key encryption with homomorphic key management.

Cloud Encryption and Cloud Key Management Lower Costs

By enabling healthcare organizations to securely enjoy the benefits of cloud computing, innovations like these reduce risk and mitigate costs associated with expensive data breaches. By enabling the covered entities to claim “safe harbor,” they also negate the possibility of additional fines, penalties, and expensive bureaucracy that can accompany a breach in the cloud.

The post HIPAA and Encryption Lower the Cost of Healthcare appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.