Preparing your organization for HIPAA-compliant Cloud Computing


By: Jim Kane, Director, CIO Services


David McCament, Director, Healthcare/Payer Provider

Healthcare providers have an opportunity to take advantage of new, advanced technology in cloud computing. Given the heavy industry regulation, it is important for health professionals to determine whether cloud computing can provide them with a secure, reliable, scalable, and inexpensive computing platform that can be used to facilitate healthcare customers’ HIPAA-compliant applications and data. HIPAA, which protects the privacy and security of certain health information, is a national standard that all healthcare providers must comply with to secure “protected health information” (PHI).

Some key steps to preparing your organization for the cloud include the following:

  1. Rationalizing, simplifying, standardizing and reducing your organization’s application portfolio
  2. Implementing virtualization technologies at all levels to create a portable environment ready for the cloud
  3. Developing a cloud computing strategy to help identify business value drivers, service impact, and service capability
  4. Creating a corporate risk profile for cloud computing adoption
  5. Deciding where to place healthcare applications and data, taking into account characteristics such as business importance, data sensitivity, processing security, and regulatory constraints
  6. Developing a business case and determining the transformational roadmap to begin the process of moving healthcare data to the cloud

As the “Great Healthcare Debate” continues, the acceptance of cloud computing solutions, even in privacy- and security-focused industries, is gaining traction. If implemented properly, the cloud provides a computing platform that can be used to facilitate a growing number of healthcare customers’ HIPAA-compliant industry and healthcare applications. In my next post I will address how healthcare businesses subject to HIPAA should carefully select a service provider with the capabilities to address HIPAA Privacy, Security, and Audit as well as provide secure, scalable, low-cost IT infrastructure.

About the author

Jim has in-depth experience in assessing and managing complex IT Infrastructure engagements focused on helping corporations achieve their business objectives. He offers expertise in strategy assessment and development, statement of work, service level agreements, business-driven RfP development, transactions, contract negotiations and transition planning across IT Infrastructure areas and expertise in IT service management integration. Jim has worked with global enterprises in the automotive manufacturing, banking and financial services, healthcare, utilities, aerospace and retail industries, focusing on collaborative techniques with clients and service providers to achieve the desired business outcomes. He recently led the negotiation of a large infrastructure contract with a utilities company and a cloud computing transition. Included in this successful project was the development and execution of the sourcing strategy, assessment and transaction process and project management, negotiation strategy development and financial proposals and executive leadership communication. Jim is ITIL V3 Foundation certified and a thought leader on the topic of the digital workplace.