• Magazine
    • Past Issues
    • Subscribe
    • Change Mailing Address
    • Surveys
    • Guidelines for Authors
    • Editorial Calendar
    • Editorial Deadlines
  • Practice
    • Business Tips
    • Chiropractic Schools
    • Clinical & Technique
    • eBooks
    • eCourses
    • Infographics
    • Quizzes
    • Wellness & Nutrition
    • Personal Growth
    • Podcast
  • Resource Centers
  • Products & Services
    • Buyer’s Guide
    • Products Directory
    • Submit a Product
    • Vendor Login
  • Datebook
    • Become an Events Poster
    • Post an Event
    • View Events
  • Jobs
    • Jobs
    • Post a Job
  • Advertise
    • Advertising Information
    • Media Kit
    • Contact Us
    • Upload Advertising

Your Online Chiropractic Community

Chiropractic Economics Your Online Chiropractic Community
Subscribe
  • Home
  • Current Issue
  • News
  • Webinars
  • Chiropractic Research
  • Students
  • Coronavirus (COVID-19)

Is your cloud provider HIPAA compliant?

Chiropractic Economics March 30, 2011

If you’re a Covered Entity under HIPAA, you may be torn between moving your data into the cloud or maintaining it the old-fashioned way – in your own data center. Either way, you must be sure you’re complying with HIPAA requirements.

Logicalis has developed a 10-point checklist addressing privacy and security of healthcare data.

 

(1) Policies. Your cloud provider must have a security program that meets the specific policies and procedures required by HIPAA.

(2) People. Your cloud provider should have a dedicated person on-site at the cloud provider whose job is to be responsible for matching the provider’s offerings with HIPAA’s requirements.

(3) Access Controls. It is vital that your cloud provider has access controls in place that include electronic identification and limit physical on-site data access to a restricted list of people.

(4) Encrypted Data in Transit. Unless the provider is processing your data, the cloud provider cannot offer security at the point of input, but it can ensure that the transfer of that data to and from the cloud is encrypted and, therefore, secure.

(5) Encrypted Data at Rest. If the cloud provider is storing healthcare data on hard drives, that data must be encrypted and each drive accounted for at all times. That includes any backup copies of the data as well.

(6) Monitoring. For cloud providers to be HIPAA-ready, daily operational procedures that log and monitor the data in the cloud 24/7 looking for any suspicious activities are a must.

(7) Breach Notification. In case of a security breach, cloud providers must have an incident response process that includes procedures for containing the incident and notification of Covered Entities in accordance with HITECH.

(8) Disaster Recovery. A cloud provider should have a plan to address the recovery or continuation of technology infrastructure critical to a Covered Entity after a natural or human-induced disaster.

(9) Data Location. Know where your data is located; choose a cloud provider that stores your data on a server in the United States. If your data is on servers residing in foreign countries, the data may be subject to search by the foreign governments in those countries.

(10) Experience and Organization-Wide Awareness. Make sure you choose a cloud provider that has a proven track record of successfully managing cloud services for other healthcare clients. You want a provider that has a security awareness program for its entire organization in place so everyone there is on board

Related Posts

  • Audit trails, audit controls, and security within the chiropractic practiceAudit trails, audit controls, and security within the chiropractic practice
  • Coalition for Patient’s Privacy comments on EHRsCoalition for Patient’s Privacy comments on EHRs
  • Is your communication with patients HIPAA compliant?Is your communication with patients HIPAA compliant?
  • Small business sites often lack web privacySmall business sites often lack web privacy
  • The benefits of educating your clients on HIPAA complianceThe benefits of educating your clients on HIPAA compliance
  • White paper explores security and privacy protections of HITECH ActWhite paper explores security and privacy protections of HITECH Act

Filed Under: News, Practice Management Software

Current Issue

Follow Us

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • YouTube logoYouTube logoYouTube

820 A1A N Highway W18,

Ponte Vedra Beach, FL 32082

Phone 904.285.6020

Fax 904.395.9118

CONTACT US »

Privacy Policy & Terms of Service

Copyright © 2021, All Rights Reserved

SUBSCRIBE TO THE MAGAZINE

Get Chiropractic Economics magazine
delivered to your home or office. Just
fill out our form to request your FREE
subscription for 20 issues a year,
including two annual Buyers Guides.

SUBSCRIBE NOW »

Latest Chiropractic News

  • Upcoming April chiropractic workshops/conferences
  • Parker University announces technology partnerships for cutting-edge touch tables, software
  • Chiropractor wrestler attempts Olympic qualification, starts fundraising campaign
x