Posts

Your guide to setting up a HIPAA-compliant cloud

When you put your healthcare organization’s patient data on the cloud, you enjoy a range of benefits, like not having to worry about computer files being erased accidentally. Furthermore, it’s simple to organize all of your data and use analytics to make the most accurate decisions possible.

At the same time, you must make sure that your cloud complies with HIPAA, the Health Insurance Portability and Accountability Act, which Congress passed in 1996. It sets forth complex rules for keeping, transmitting and using protected health information (PHI) or electronic protected health information (ePHI).

Here is an overview of things you should be doing in order to ensure HIPAA compliance.

Step 1: Finding the right cloud provider

To start, it’s helpful to obtain a copy of the online HIPAA guidelines that the Department of Health and Human Services’ Office for Civil Rights (OCR) offers. You can review them with your attorney and your IT team members.

As soon as you’re clear on those rules, you can conduct – perhaps with the help of an IT managed service provider – a thorough risk assessment. During this process, you’ll examine various cloud service providers (CSPs) to find one that guarantees every reasonable safeguard, including encryption, for your PHI. You might inspect a CSP’s headquarters yourself, or you could rely on expert security audits.

Once you’ve found a CSP you can trust, your attorney can draw up a business associate agreement (BAA). This agreement will hold your company and your CSP, which the law terms your “business associate,” to all HIPAA regulations.

You must also create a service level agreement (SLA), one that details the quality of service that your CSP will provide. For instance, how will it attempt to recover lost data? How much downtime, if any, can you expect? (The answer should be virtually none.)

Step 2: Securing your data

Under HIPAA, you’ll have to take every practicable measure to keep track of your patient data and prevent it from falling into the wrong hands.

HIPAA permits healthcare professionals to use mobile devices to access data. However, each mobile device, along with each computer and other endpoints, must be protected by multiple layers of security. Those measures should include:

  • Randomized and unique passwords
  • A powerful firewall
  • Sessions that time out
  • Two-factor authentication
  • Data encryption that meets or exceeds industry standards
  • An intrusion detection program

Likewise, you should provide regular training sessions to ensure employees are using best practices and are able to recognize the warning signs of hacks or phishing scams.

Moreover, everyone should be on a need-to-know basis. It’s illegal to share a patient’s ePHI with anyone outside of your business unless the person who’s requesting it has a HIPAA release form. (That document must include the patient’s signature.) Your cloud should also have a principle of least privilege (PoLP) security model to make sure each user only has the authority to access the information necessary for his or her job.

An automatic alert system is valuable here. You’ll receive a warning if an unauthorized person accesses your cloud data or if an authorized person does something in the cloud they’re not supposed to do.
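The least-privilege check and the two alert conditions described above can be sketched as follows. This is an added example, not code from the original post; the roles, user names, resources and alert labels are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed role-to-permission map (assumption): each role is granted only
# the (resource, action) pairs its job requires. Anything else is denied.
ROLE_PERMISSIONS = {
    "physician": {("chart", "read"), ("chart", "write")},
    "billing": {("invoice", "read"), ("invoice", "write")},
    "front_desk": {("schedule", "read"), ("schedule", "write")},
}

# Constructed user directory (assumption).
USER_ROLES = {"dr.lee": "physician", "m.ortiz": "billing", "j.kim": "front_desk"}


@dataclass(frozen=True)
class AccessEvent:
    user: str
    resource: str
    action: str


def evaluate(event):
    """Return (allowed, alert). alert is None when access is within the role."""
    role = USER_ROLES.get(event.user)
    if role is None:
        # Default deny: an identity missing from the directory is unauthorized.
        return False, f"UNAUTHORIZED_USER user={event.user} resource={event.resource}"
    if (event.resource, event.action) not in ROLE_PERMISSIONS.get(role, set()):
        # A known user acting outside what the role needs.
        return False, (f"OUT_OF_SCOPE user={event.user} role={role} "
                       f"attempted={event.action}:{event.resource}")
    return True, None


def scan(events):
    """Collect the alerts raised by a batch of audit events, in order."""
    return [alert for _, alert in map(evaluate, events) if alert]


# Constructed audit events for illustration.
SAMPLE_EVENTS = [
    AccessEvent("dr.lee", "chart", "read"),           # within role
    AccessEvent("m.ortiz", "chart", "read"),          # billing reading a chart
    AccessEvent("temp.contractor", "chart", "read"),  # not in the directory
    AccessEvent("j.kim", "schedule", "write"),        # within role
]

if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print(line)
```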

Step 3: Reporting breaches

What happens if an unauthorized person gains access to someone’s ePHI? This could occur due to employee error or hacking.

You must tell the affected patient about the transgression within 60 days. Plus, on an annual basis, you must let the Department of Health and Human Services know about every PHI breach that happened during the past year.

If more than 500 records are breached at one time, you’re obligated to send out a press release and to tell the HHS at once. The OCR will follow up, seeking more detailed information.

Finally, as you work your way toward full HIPAA compliance, it’s wise to partner with outside IT specialists. These experienced professionals can advise and support all of your data storage efforts.

In addition to conducting the initial risk analysis, those security experts can identify and eliminate potential vulnerabilities in your network. They can also help you craft an IT budget that accounts for all security measures. As cloud technologies evolve and improve, they’ll ensure that you always stay within the law and always protect your patients.

Business Having Growing Pains? Let Cloud Solutions Be Your Tonic

Business growth is a good thing, though not without its challenges. Just as successful ideas start off small and grow over time, so do businesses. Today’s SMB might become tomorrow’s industry titan. Proper growth requires new and expanding solutions if a company expects their IT to keep up.

As companies grow, so do their teams and their IT needs. An increased staff means more technology resources. Not to mention additional networking needs and greater bandwidth to support increased data traffic.

For many SMBs there will come a point where replacing, upgrading and housing expensive on-site equipment to support continued growth will cease to make sense.

That’s where cloud solutions can transform and supercharge a company’s growth trajectory. Infrastructure as a Service (IaaS) and virtual desktops are just the start of what cloud computing can deliver to a growing company.

It can also expand their staffing options (more in a minute about that).

Here are a few quick ways that cloud solutions can help your company grow with minimal pain.

Scalability That Keeps Up With Expansion

Perhaps the biggest benefit cloud solutions can offer your growing company is the ability to scale your infrastructure up or down with a few clicks of your mouse. One of the biggest side effects growth brings is bandwidth limitations and network overload.

When you switch over to cloud computing, your network instantly becomes scalable thanks to pay-as-you-grow solutions.

Rather than you having to make costly investments in hardware (think new servers and computers), cloud computing can provide unlimited vertical and horizontal scalability to meet your needs. This keeps your company from ever running into a situation where a lack of available resources hinders performance.

Or worse, causes downtime and lost productivity.

The specific solution for your company depends on your business’s unique combination of systems and software. But exchanging the upfront costs of adding more infrastructure for a flat monthly service fee means your company can focus on serving your customers while improving IT budget management.

Remote Access Through Mobility

Cloud solutions can also provide excellent mobility for your team, increasing productivity and expanding your work outside the confines of the physical office. The secure remote access that cloud technologies provide means your team can access sensitive data and systems from anywhere, anytime.

This means less downtime, more productivity, and more chances for growth.

By the way, that mobility carries over to personal devices, specifically smartphones. Cloud mobility allows your team to access data and systems in real time from devices on hand, increasing workplace connectivity.

Expanded Staffing Options

Though perhaps not the right fit for every company, there are plenty of SMBs that exist in smaller regions and markets which might not have as wide of a talent pool for new hires as they would like.

The remote access and mobility provided by the cloud equips your company to take on remote employees, or expand out into new markets and offices without suffering from connectivity or communication issues.

In the cloud, all files and systems update in real time, so all employees or potential hires get access to the latest versions of documents or other projects from almost anywhere in the world. Imagine what that kind of hiring pool could do to drive your growth!

Cloud Solutions Are the Future, Right Now

The cloud’s advantages go way beyond what they can do for your staff expansion needs. And it would be insincere of us to tell you that cloud computing is the future because, in truth, cloud computing has already nearly become the standard for SMBs and industry titans alike.

If your company is on an upward trajectory and you haven’t already considered a switch to cloud solutions, there’s no time like the present to get on board. Imagine all the future growing pains you’ll avoid!

3 Simple Ways to Promote Cloud Security

Many people are under the impression that cloud computing leaves a business more vulnerable to outside threats. With mobile employees and your data stored and processed at an offsite location, this must make your business considerably more susceptible to attacks, right?

Maybe. Maybe not.

It all just depends on your internal processes and procedures and the technology provider you choose to partner with — which is true whether you’re operating in the cloud or not.

Either way, here are three simple ways to promote cloud security within your business.

Passwords and Locks

The cloud provides a company with huge benefits — one of which is mobility. Employees can access business applications and data no matter where they are as long as they have an internet-connected device.

However, while mobility is an invaluable benefit for any business, it doesn’t come free of risk.

To reduce this risk, it’s important to create policies that force your employees to use strong passwords and to place locks on their mobile devices. This way, if an employee’s device is lost or stolen, the information accessible from that device won’t be readily available.

Public Wi-Fi and Unknown Devices

If you’re going to allow your employees to utilize the cloud as a means to work on-the-go, then you need to limit the “how” and “what.” In other words, the internet connection and devices they use.

For starters, employees should never access sensitive work data from public Wi-Fi hotspots. This is because public Wi-Fi hotspots are open, unsecured connections that can be intercepted by lingering cyber criminals. If an employee connects to a hotspot like this, a criminal may have the ability to see everything that person does, types, visits, or opens.

On top of this, you need to make sure your employees are selective with the devices they use to access information in the cloud. For example, if they decide to use a family member’s laptop, there’s no way to know for sure how secure that laptop is. It may already have some form of malware on it — which is obviously not good if that employee is accessing sensitive data or joining the device to the company’s network.

Partners and Policies

Even if your employees use strong passwords, keep locks on every device, and refrain from using unknown devices, this still doesn’t guarantee cloud security. At this point, you really need to do your homework and understand who your cloud provider is and how your cloud solution works.

Now, this doesn’t mean you need to understand the ins and outs of cloud computing. It simply means you need to know the basics — where your data is stored, how it gets there, and what measures your cloud provider uses to guarantee your data’s privacy and security. You can’t exactly keep your data secure if you don’t even know where it is to begin with.

As another helpful measure, it’s important to maintain a strong relationship and open communication with your cloud provider. Do this and securing your data will become a much more doable feat.

If you have questions about cloud security or if you’re thinking about transitioning to a new cloud solution, then give us a call or send us a message today. You can also learn a little about our technology services by reading one of our recent blog posts, The Time to Switch IT Providers is Now.

Making the Business Case for Virtualization

Challenging economic times push businesses to look for more efficient ways of doing things, even if these new ways include risks and learning curves. Adopting virtualization is one way companies are evolving to become more efficient, and thus, stay ahead of the competition.

However, as with any new IT initiative, often managers find they need to sell the new technology before their company will even think about adoption. After all, new technologies typically carry expenses, in the form of new hardware and software, and that learning curve mentioned above, which can be expensive, too.

When attempting to bring everyone on board with virtualization at your company, you’ll need to develop a carefully crafted business case. The following are ideas you can include that will help you sell the benefits of virtualization while easing concerns about risks and costs.

In short, virtualization removes the inefficiency of the old “one server, one application” model, in which many business servers are underutilized. With virtualization, one single server can function as multiple virtual machines, with each one having the ability to operate in different environments such as Windows, Linux, or Apache. When companies adopt virtualization, they are able to consolidate multiple servers onto fewer physical devices, helping to reduce space, power, and administrative requirements.

Virtualization offers quite a few other business benefits as well. For example, it helps with business continuity and offers complete data protection so your company is able to achieve continuous application availability and automated disaster recovery across physical sites. Virtualization allows you to simplify backup and recovery of your data and systems and to improve responsiveness through increased efficiency and flexibility. With all of these benefits on your side, your company’s IT will help drive innovation.

Let’s break down in detail the reasons that consolidating operations onto fewer servers can help your company. This consolidation allows you to:

  • Dramatically lower hardware costs and the associated cooling and space costs
  • Improve productivity across your organization and free up valuable IT time by simplifying your IT infrastructure, leaving more time to focus on strategic initiatives
  • Reduce costly downtime and streamline business contingency planning so you know your data is secure in the event of a natural disaster or another unforeseen event

Now, let’s examine the ways your business can use virtualization to improve efficiencies and reduce costs.

One of the best benefits of virtualization is lower server infrastructure costs. Consolidating excess server and desktop hardware increases utilization rates, and reduced hardware means lower energy bills, too. You’ll save floor space, as well, because virtualization eliminates server sprawl by allowing you to run multiple applications on a single server. Your company could even reduce hardware and maintenance costs by as much as half.

Virtualization makes your company more efficient because it improves staff productivity, allowing your IT team to focus on more strategic projects that can help speed time to market for new products or services you are developing. Since IT employees won’t have to order and set up a new server for every new application, you can get applications up and running more smoothly and efficiently. And, with fewer technical issues to manage, your IT team can focus on improving customer service or developing new projects. Combining virtualization with cloud services to move your servers to a hosted environment adds even more benefits, which could include extensive backups, improved failover and greater security.

Finally, backup and recovery get a huge boost from virtualization because your company is protected from downtime and disaster. Business continuity solutions can be expensive and complex, but even the smallest organizations can achieve a solid continuity plan with virtualization.

As you can see, there are plenty of reasons to consider adopting virtualization for business. Now, it is your turn to sell these points to your team so you can begin reaping the benefits of virtualization.