With healthcare organizations transitioning from paper-based to digital records, the resulting explosion of data is causing the industry to face many issues. IT professionals within these organizations must focus on implementing meaningful technology to improve patient care, data management and cost containment. At the same time, healthcare companies must keep patient data secure and adhere to strict governmental regulations.
How do healthcare companies meet all of these challenges? The first place to start is with an evaluation of a provider’s data center certifications and data center compliance to HIPAA regulations.
What Does HIPAA Require?
HIPAA, the Health Insurance Portability and Accountability Act, is a law enacted in 1996 to define parameters around the use and disclosure of a patient’s protected health information (PHI). Specifically, HIPAA requires healthcare organizations to maintain a security management process to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations.”
The growing number of electronic medical records has made complying with the law increasingly difficult. Because HIPAA regulations are taken very seriously, any non-compliance can have a devastating effect on an organization. Violations of the law often result in substantial fines and/or jail time.
What are the HIPAA Control Categories?
HIPAA compliance is evaluated on three categories of controls established by the U.S. Department of Health and Human Services: administrative, physical and technical safeguards. Each of these controls is audited to determine compliance.
To provide the best protection against HIPAA violations, a colocation provider’s data center should meet the required physical and administrative security controls. Specifically, the provider must support HIPAA compliance through:
- A Controlled, Secure Facility
- 24/7 Physical Security Monitoring
- 90-Day Video Surveillance and Retention
- Cabinet/Cage Perimeter Security
- Badge and Biometrics
- Compliance-Based Audit Reports
- Security Incident Response Notification
Who is Responsible for HIPAA Compliance – the Provider or Healthcare Customer?
Under each HIPAA category, the responsibilities for compliance involve three situations:
- The provider/vendor and healthcare company are both responsible
- The provider/vendor alone is responsible
- The healthcare company is solely responsible
Therefore, healthcare organizations cannot simply shift all of the responsibility for HIPAA compliance to a third-party provider. However, they can work with a data center provider to meet the compliance requirements jointly. In the end, the healthcare company is still liable for violating HIPAA guidelines.
Healthcare companies’ main emphasis has to be on providing the best patient care possible. Fortunately, they can partner with a HIPAA-compliant data center provider. A colocation provider with the proper physical safeguards in place can help protect the integrity and security of its healthcare customers’ PHI.
To learn more about colocation facilities and how CyrusOne can provide services to meet your specific needs, click here.