HIPAA, the Cloud and the Privacy of Health Information

Everyone is concerned about the privacy of health information. Read this article from ZoneAlarm!

“When it comes to health, privacy is of utmost importance. It’s necessary to ensure that, even while using a secure Internet service to store data, patient data is on lockdown. It’s also the law.

HIPAA, the Health Insurance Portability and Accountability Act (also known as the Standards for Privacy of Individually Identifiable Health Information), was passed in 1996 by the U.S. Congress and effective as of July 1, 1997. The purpose of the Act is to prevent fraud and abuse in the delivery of sensitive healthcare information.

The privacy rules give patients control over how their health information is used–including information put in your medical record, conversations you have with your provider about your treatment, clinical billing information, etc. Under the act, patients are also allowed to request copies of their medical records, have corrections added, and decide if they want to give permission for health information to be shared. It also requires “covered entities” to put in place appropriate controls to secure patient information.

According to the U.S. Department of Health and Human Services, covered entities are: a healthcare provider that conducts certain transactions in electronic form, a healthcare clearinghouse, or a health plan.

Covered entities are responsible for the secure transmission of public health information (PHI). The penalties for neglecting the necessary implementation of secure controls can be monetary, or they can result in imprisonment. Among other things, HIPAA prevents these entities from downloading PHI to computers without encryption or transmitting it over open networks.

How Cloud Computing Changes The Game

In a normal HIPAA-related storage security situation, “covered entities” – meaning a healthcare provider – implement the data security control as detailed by the HIPAA law (and document it, too). But, as Tech News World explains, the cloud changes things. In a cloud computing situation, “most security activities occur in partnership between the vendor and client.” That means the business associate cloud provider is responsible for implementing the HIPAA-compliant controls for storage. Under the 2009 HITECH (Health Information Technology for Economic and Clinical Health Act), cloud service vendors have the same security responsibilities as covered entities.

How Safe is the Cloud for Health?

Despite some popular misgivings, it appears that the cloud is actually pretty safe for health data. A recent Software Advice report, based on findings from the U.S. Department of Health and Human Services, showed that hacking of cloud-based electronic health systems constituted about 22% of HIPAA violations. And only 12% of breached locations were computer networks. 30% of the healthcare industry utilizes the cloud in total.”

Read full article here.
