Traditionally the healthcare industry was classified as conservative when it came to IT strategy and spending, however, with the ongoing government reforms the need for innovative healthcare IT solutions is on the rise. As more hospitals and healthcare facilities become more dependent on IT, data center services are becoming a key solution to complying with government reform efforts, and also to ensuring patient privacy.
Healthcare decision makers are not in the business of building data centers, as their focus and primary concerns are quality of care issues. Yet, the selection of a colocation provider directly affects their ability to be successful in achieving cost savings and operational gains. When it comes to multi-tenant data centers (MTDCs) for colocation, hosting and cloud services, it is essential to understand how the vendor approaches HIPAA compliance. Regardless of how the IT landscape continues to change over the next few years, when it comes to reform in the US, we know that HIPAA compliance will never be an option; since the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 it is a mandate.
Focusing on regulatory compliance allows healthcare entities to future-proof their IT landscape as it continues to change; this translates to avoiding the substantial penalties set for those failing to comply. It is important to note that compliance cannot be outsourced. The CXO remains responsible for how the healthcare entity will meet regulations, and the decisions to choose vendors that will satisfy requirements is part of how compliance is measured. To get a more accurate picture of HIPAA compliance and how it applies in multi-tenant data center environments, here is a summary of terms:
Compliance: HIPAA defines compliance related to rules that support the legislation, including privacy, security and elements related to the administrative safeguards.
Protected Health Information (PHI): Information related to an individual patient and his/her medical status. It includes medical records and any associated information that can link medical status to a particular patient, social security numbers, home addresses, e-mails or associated billing information such as account numbers, license numbers or identifying photographs. Such PHI may exist in physical or electronic form, both of which are required to be kept secure, private and confidential.
Covered Entity (CE): Covered entities include any person or organization that collects, transmits or stores PHI information regulated by the HIPAA legislation; examples of CE would be insurance companies, hospitals, healthcare providers and community health information systems.
Business Associates (BA): BAs include organizations that may process health claims, provide utilization review services or provide insurance claim reviews. This includes IT outsourcing services being performed on behalf of the CEs.
As the market for healthcare data center services continues to expand, companies such as Internap help your business meet regulatory and best practice requirements. The task of finding HIPAA compliant hosting plans while securely handling massive amounts of data is no longer a challenge. Learn why Internap understands compliance and security as requirements for success.