Compliance has become a hot topic recently, mainly because new HIPAA regulations have changed the way healthcare and cloud service providers interact. These changes have caused not only the healthcare community but other industries to call into question how they interact with the cloud and what measures are being taken to protect data and meet regulatory board requirements.
Blurred Lines of Compliance
A regulatory agency is a public or government authority responsible for exercising autonomous authority over some area of human activity, and every industry has one. Healthcare has HIPAA, Financial Services has PCI, and most companies have Sarbanes-Oxley. As the digital age progresses, regulatory agencies are taking a stronger stand on how companies interact with the cloud.
For example, HIPAA recently released a new set of guidelines that went into effect on September 23, 2013. These guidelines essentially state that cloud computing companies interacting with healthcare firms must now also meet HIPAA guidelines. In the backup world, the new regulations put specific rules on how data is backed up, how it is accessed, who can access said data, and how to notify clients of a data breach. We, the cloud backup provider, must enter into a Business Associate Agreement with the healthcare provider outlining and agreeing upon these terms and conditions. As a cloud backup provider, we now have a higher stake in data protection.
Who’s Compliant: You or Your Cloud Backup Provider?
This is where it gets tricky, because it varies by industry. In the case of healthcare, both the business entity and the cloud backup provider are required to be compliant. However, these regulations have not been implemented in every industry... yet. I would expect that we will see stricter regulations coming from every regulatory board as we all get a handle on how the cloud affects private business data and personal information.
Regardless of regulations, a good rule of thumb is to always treat your own company as the one that needs to be compliant. That’s not to say that your backup provider doesn’t share in the responsibility, but ultimately, you choose who you work with. It is up to you to choose a cloud backup partner that is willing to meet your needs, whether those needs are set by your IT department or a regulatory board.
Partnering with Cloud Backup
I use the term partner specifically because we are moving out of an age where you are just purchasing services from a vendor. As regulatory boards get stricter on how you handle data, you are no longer going to want to work with an anonymous vendor. You are going to want to work with a company that has the same goals as you (keeping your data safe) and is willing to step up when needed. You are going to want a partner in compliance. And to get a partner in compliance, you must get a partner in cloud backup.
As you start to consider who your cloud backup partner should be, there are several things to keep in mind. Here is a short (and manageable) checklist for evaluating your next cloud backup partner.
- Security: What measures is the backup provider taking to protect your information (for example, encryption of data in transit and at rest, and access controls on who can read your backups)?
- Application/Operating System Support: Not all providers support all applications and operating systems. Confirm support before purchasing backup.
- Availability: Be sure to check the Data Center Tier. You should not be backing up with a company that offers anything less than a Tier 4 Data Center.
- Regulatory Compliance: Ensure that the solution provider you decide to work with is willing to meet all the standards you need, including signing Business Associate Agreements.
- Company Policy: Review your internal policies to catch any other standards you need to meet.
Our Medical Software is HIPAA Compliant
GreySignal goes to great lengths to ensure your patient data, medical records, and all related information are secured and encrypted to comply with all HIPAA regulations. All data is stored in secured facilities, with physical and logical protection systems in place.