Healthcare News & Insights

Letter warns HHS about lack of cloud computing standards in health care

Many healthcare organizations are turning to cloud computing services for EHR systems and other needs. But despite the benefits, there are a lot of risks in the cloud, and some observers say there aren’t enough standards in place to protect patient information.

Cloud computing services often help providers save money. That can especially be the case for smaller organizations that can’t afford to install in-house electronic health record systems or other health IT systems and instead opt for more scalable cloud-based systems.

However, the increased use of cloud computing in health care can increase the risk that patients’ protected health information will be compromised, warned a recent letter sent from the non-profit group Patient Privacy Rights to the U.S. Department of Health & Human Services.

The letter cites an April 2012 HHS settlement with Phoenix Cardiac Surgery for alleged HIPAA violations. The provider agreed to pay a $100,000 fine after it was discovered that the cloud-based calendar service it was using was making appointment information publicly accessible.

Incidents like that highlight the need for new sets of standards and increased guidance on using cloud computing services for healthcare organizations, Patient Privacy Rights argues. However, although other agencies such as the National Institute of Standards and Technology and the Department of Education have issued cloud computing guidance, HHS has yet to do so.

The letter urges HHS to issue guidance and standards for the provision of cloud computing services in health care, including:

  1. Administrative, physical and technical safeguards for organizations using cloud services
  2. Rules for external audits, and
  3. Enforcement of HIPAA and HITECH rules for cloud computing service providers.

