Cloud storage is quickly becoming the popular way to save files. Features that draw customers in include easy access of files, anywhere access, and automatic backup — making it understandable why more and more people are using the cloud as a way to backup important information. Business are quickly finding how useful cloud storage can be.
Rather than spend a small fortune on equipment and utilities to keep backups of important files locally, they can spend a fraction to store and maintain their files offsite, workers can continue to access and collaborate on projects no matter where they are.
The biggest thing that gives most companies pause is security, many companies have stringent security guidelines they must follow in order to maintain their documents; a big security concern is not only the encryption and safety of their data, but whether or not it meets HIPAA regulations.
HIPAA and The Cloud
The Health Insurance Portability and Accountability Act (HIPAA) guidelines protects any information that can be linked back to health-related information. The security rules within HIPAA establishes the protocol in which patient information can be stored electronically. The Privacy Rule standardizes what information can be shared, with whom it may be shared, and establishes the safeguards that must be in place to transmit and store this information electronically.
When the HIPAA guidelines were originally introduced in 1996, the intent was to make transferring and protecting this information a standardized procedure. The idea behind HIPAA is sound, no one wants their medical information to be easily accessible. There may be medical issues in the past that are no one’s business. As a result, however, it has become difficult for a person or entity to locate missing individuals who may be receiving hospital care.
The restrictions set into place by HIPAA also makes it difficult for medical institutions such as hospitals, nursing homes, and doctors’ offices to take advantage of all that cloud storage has to offer. Some companies may fall under the guidelines of HIPAA without realizing it, as these guidelines apply to any company or organization that has information which can easily match personal information to medical information. Individuals don’t necessarily have to follow HIPAA guidelines, but they must be careful if they are acting as a business representative.
For a medical entity to be considered HIPAA compliant, they must have the following technical requirements.
- Unique User Identification
- Emergency Access
- Automatic Log-off
- Encryption and Decryption
- Audit Controls
- ePHI Integrity
- Transmission Security
This is on top of a lengthy list of requirements for administrative purposes, which includes risk management and analysis, security reminders, emergency modes, and contingency plans should the data get hacked. The group also has to be able to monitor and report on any login discrepancies.
These restrictions can be difficult to adhere to with traditional cloud services. Not all providers offer the level of monitoring, encryption, or user identification that is required by the Act. However, with the way technology is changing, cloud providers such as Dropbox, Box, and now Mozy are making a push forward to ensure that these regulations are being met.
Mozy Redesigns Their Security to Meet HIPAA Standards
Mozy (Editor Rating: ) began in 2005 and has grown into one of the leaders of the cloud storage game. With over 6 million individual users and 100,000 businesses tapping Mozy for their data storage, it is no surprise that they are on the bleeding edge when it comes to making the cloud a place for all businesses to keep their information.
In an effort to gain more business, Mozy has recently made some changes they believe will be for the better. For starters, the company is introducing Corporate Key Support. This new feature allows companies to utilize their own encryption key through the use of the Mozy Synce feature. The idea is to give companies more control over how the information they store is encrypted. It helps them to ensure they are meeting their own security guidelines on stored data.
Another new feature Mozy has added to their line up is the on-premise connector interface. This new interface connects directly with LDAP-capable directory services and transfers that information to Mozy. The on-premise connector means that the companies directory service is not exposed externally, providing an added layer of security.
A final feature Mozy has added in an attempt to appeal to medical markets, is HIPAA compliant data protection. This feature allows businesses to adjust their cloud security settings in order to ensure the end-user data is protected in accordance to HIPAA’s lengthy and highly restrictive guidelines.
Being HIPA compliant is a good move. More and more companies are moving to cloud storage, and this allows Mozy to be in among the leaders in HIPAA cloud compliance.