JAMIA: Cloud computing, while constrained by regs, could make EHRs more appealing
“Cloud computing is gaining acceptance as a model for business IT applications because of its potential to increase capacity and functionality on the fly without any major investment in infrastructure, personnel or software licensing fees,” wrote Eugene J. Schweitzer, MD, of the University of Maryland Medical Center in Baltimore. “The National Institute of Standards and Technology believes that government and industry should work to overcome the barriers and migrate to cloud computing because it offers the potential for massive cost savings.”
While cloud computing service providers can’t simply implement HIPAA-required security processes and technology, Schweitzer suggested that implementation would not be difficult. A concern with storing patient information on a cloud platform is that the cloud’s architectural design allows multiple customers to share infrastructure, services and applications, but Schweitzer believes that clear customer understanding of clouds’ security controls and clear business associate contracts can eliminate this concern.
As third-party contractors, cloud computing service providers would be required to enter business associate contracts with customers who store patient health information in the cloud. Schweitzer said that these contracts should detail service levels, establish legal liability for breaches and specify that the cloud provider is not to access the patient information.
Schweitzer added that, while it might be tempting for providers to enroll in online EHR applications and enter business associate contracts on their own, they should seek legal counsel before putting patient information into a cloud.
“A worst case scenario for a healthcare provider could result by clicking through a series of friendly EHR sign-up screens and unwittingly agreeing to release the cloud provider from all financial responsibility for a security breach,” he wrote. “Far better for the EHR client to have legal counsel negotiate a detailed, meaningful business associate contract with the cloud.”
Schweitzer concluded by saying that cloud providers are already developing privacy and security standards for patient health information, and that cloud computing designs can help the federal government meet its expressed goal of enhancing patients’ access to their records, improving data exchange and reducing healthcare costs.