
Being HIPAA Compliant in the Cloud

October 6, 2020

If you’re a healthcare organization or work with one, you know what HIPAA is – hopefully! For those of you who need a refresher, the Health Insurance Portability and Accountability Act sets the rules for how healthcare facilities handle confidential and private medical records and other patient information.

All hospitals and other practices do their best to remain HIPAA compliant (they’re legally required to, after all), but when they begin working with a managed services provider or a cloud services provider, the water can sometimes become a little murky. Some IT companies work with a lot of hospitals and know all the ins and outs of HIPAA; others have little understanding of it or don’t work with many (or any) healthcare businesses.

When choosing an MSP to manage your IT infrastructure or store your data, the first and foremost thing to know is that they themselves have to be HIPAA compliant, and that if they mess up, your business won’t be absolved of the consequences. Hospitals can receive a fine of $100 per compromised file, but the worst-case scenario is $50,000 per compromised record and potential jail time. Do your research on MSPs!

Now that you’ve been warned, here is some advice on how to make sure your employees can tell whether their MSP is staying HIPAA compliant.

1. Look out for signs of malware

Malware doesn’t just mean your computer caught a bug and now runs slower. Malware can mean that someone has access to your files and can record your keystrokes, making it a cinch for them to break into your work and personal accounts.

Fortunately, malware is fairly easy to spot if you know where to look. In addition to running solid anti-virus software, look for any odd add-ons to your web browser or desktop that you don’t remember installing yourself. This could be an added toolbar in your browser, or a home page that suddenly points to a different site. In addition, always keep your security software and firewalls on the latest patch.
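As an added example (not code from the original post or from TOSS C3), the script below turns the "look for odd add-ons and a changed home page" advice into a repeatable check that a workstation admin can run against a browser profile. It assumes a Chromium-style profile layout (an `Extensions/<id>/<version>/manifest.json` tree and a `Preferences` JSON file with `homepage` and `session.startup_urls` keys); the extension ids, names and URLs it builds into a temporary sample profile are constructed for the demonstration and are not real extensions or sites.

```python
"""Inventory browser extensions and the configured home page from a
Chromium-style profile directory, and flag anything that is not on the
organization's approved list (added example, not the post's own code)."""
import json
import tempfile
from pathlib import Path

# Constructed allow-list: extension ids an organization has vetted.
# Chromium ids are 32 lowercase letters; these two are made up for the example.
APPROVED_EXTENSIONS = {"a" * 32}
EXPECTED_HOMEPAGE = "https://intranet.example-clinic.invalid/"  # constructed placeholder


def list_extensions(profile):
    """Return one dict per installed extension found under profile/Extensions."""
    found = []
    ext_root = profile / "Extensions"
    if not ext_root.is_dir():
        return found
    for manifest in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable manifest: skip rather than crash the audit
        found.append({
            "id": manifest.parent.parent.name,
            "version": manifest.parent.name,
            # Chromium stores localized names as "__MSG_key__"; good enough for a report.
            "name": data.get("name", "<unnamed>"),
            "permissions": data.get("permissions", []),
        })
    return found


def homepage_settings(profile):
    """Return the configured home page and startup URLs from profile/Preferences."""
    prefs_file = profile / "Preferences"
    if not prefs_file.is_file():
        return {}
    prefs = json.loads(prefs_file.read_text(encoding="utf-8"))
    return {
        "homepage": prefs.get("homepage"),
        "startup_urls": prefs.get("session", {}).get("startup_urls", []),
    }


def audit_profile(profile, allowed_ids, expected_homepage):
    """Compare the profile against the allow-list; return a list of findings."""
    findings = []
    for ext in list_extensions(profile):
        if ext["id"] not in allowed_ids:
            findings.append(
                f"unexpected extension {ext['id']} ({ext['name']} {ext['version']}), "
                f"permissions={ext['permissions']}"
            )
    settings = homepage_settings(profile)
    if settings.get("homepage") and settings["homepage"] != expected_homepage:
        findings.append(f"homepage changed to {settings['homepage']}")
    for url in settings.get("startup_urls", []):
        if url != expected_homepage:
            findings.append(f"unexpected startup URL {url}")
    return findings


def build_sample_profile(root):
    """Construct a throwaway profile: one approved extension, one rogue toolbar,
    and a hijacked home page. All values are made up for the example."""
    def write_manifest(ext_id, version, manifest):
        path = root / "Extensions" / ext_id / version
        path.mkdir(parents=True)
        (path / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

    write_manifest("a" * 32, "1.0.0",
                   {"name": "Approved Password Manager", "permissions": ["storage"]})
    write_manifest("b" * 32, "0.1",
                   {"name": "Free Search Toolbar",
                    "permissions": ["tabs", "webRequest", "<all_urls>"]})
    (root / "Preferences").write_text(json.dumps({
        "homepage": "http://search-toolbar.invalid/",
        "session": {"startup_urls": ["http://search-toolbar.invalid/"]},
    }), encoding="utf-8")
    return root


def demo_audit():
    """Run the audit against the constructed sample profile and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = build_sample_profile(Path(tmp))
        return audit_profile(profile, APPROVED_EXTENSIONS, EXPECTED_HOMEPAGE)


if __name__ == "__main__":
    for finding in demo_audit():
        print("FINDING:", finding)
```

On a real workstation you would point `audit_profile` at the actual profile directory and keep `APPROVED_EXTENSIONS` in a file the MSP and the practice both sign off on; a finding then becomes an item to raise with the provider rather than something an employee has to notice by eye.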

2. Make sure more than one user knows HIPAA

By user, we mean someone who regularly uses the facility’s computers or works with the IT company on a regular basis. Sometimes the only person in a medical facility who knows HIPAA front-to-back is the doctor, but doctors are usually not the ones in contact with the MSP.

Make sure more than one user is knowledgeable about HIPAA, so that if one gets sick, goes on vacation or leaves for another job, you still have someone who can prevent a HIPAA disaster.

3. Document everything and get agreements

Keeping logs of password changes, maintenance, and other regular upkeep is a must, but you also need to be aware of business associate agreements. A business associate agreement is a contract with anyone who comes into contact with confidential information, such as an MSP, that makes them guarantee they will follow HIPAA guidelines. Even with the agreement in place you are still held partially liable for any violation, but it tells the MSP you’re working with that you’re serious about HIPAA and that they need to be as well.

For more information on the cloud and how it can help your healthcare facility improve in a HIPAA compliant fashion, check out the TOSS C3 website and call us anytime at 1-888-884-8677.
