With the cloud becoming more standard in healthcare, using cloud services sounds more and more appealing to covered entities. The challenge, however, is finding a cloud service provider (CSP) in compliance.
Luckily, with cloud service providers coming to see the value of cloud services for medical organizations, their standards are improving.
Questions You Should Ask
- Where is my data stored? (where is the data center)
- For audit purposes you must know where your CSP is storing your data.
- How accessible is my data, and by whom?
- During an audit, your organization must be able to provide evidence of access controls and how they are controlled.
- Are they encrypting my data?
- Find out what type of encryption the CSP uses
- Where and how encryption is implemented
- Should be encrypted in motion and at rest
Cloud Service Provider Options
Workload requirements are usually the deciding factor in what cloud service is best for your facility.
Roles and Responsibilities
Just because someone else is managing your data, that does not mean you will not held responsible were the worst to happen. You are still considered the data owner and as such, are responsible for the safe custody of your patient data!
When entering an agreement with a CSP, ensure that your facility uses a HIPAA Business Associate Agreement (BAA). Be diligent when creating your BAA to hold the Business Associate accountable so they thoroughly understand their roles and responsibilities. Also ensure they use BAAs for any potential or existing subcontractors.
With a little due diligence, a good CSP like Novarad can take a lot of weight and burden off your facility, and give you more opportunities to grow and succeed without being tied down by data storage restrictions!
For more information or to explore Novarad’s cloud storage solutions, contact us by clicking here.
This post was written by Allie Robinson, a business policy analyst with Novarad.