The article, penned by our own general counsel Lee Bendekgey, is entitled “Cloud computing reduces HIPAA compliance risk in managing genomic data.” In it, Lee looks at the massive computational infrastructure required for handling new health data, such as genome sequences. “The resources required to process, analyze, and manage petabytes of genomic information represent a huge burden for even the largest academic research facility or healthcare institution,” Lee writes.
While it may seem counterintuitive, he adds, moving data to a cloud environment can actually improve data security. Lee considers HIPAA requirements and historic breaches of HIPAA-secured data, looking at what factors may have improved security in those situations where personal health information was put at risk.
Breaches tend to occur on items that are portable — flash drives and laptops, for instance — so keeping data in the cloud means that sensitive data never actually lives on one of these easily stolen or lost devices. Cloud computing providers routinely encrypt data while it’s in transit and at rest, adding to high-grade security. Medical organizations considering this route should ensure that a cloud provider guarantees security audits, certifications, and assessments associated with HIPAA compliance.
“By using a cloud-based service with an appropriate security and compliance infrastructure, an organization can significantly reduce its compliance risk,” Lee writes.