Securing cloud-based health info
Denver firm answers calls for HIPAA compliance
Sure, identity thieves like stolen credit card numbers. But they love pilfered electronic health records.
“Credit card numbers are worth 50 cents or $1 on the open market,” says Sean Bruton, VP of product at HOSTING, a Denver-based data center provider. “Health-care records are going for $50.”
With cloud-based systems increasingly popular in the health-care world, this means there are a lot of bad guys lurking around every virtual corner. “Someone’s health-care record is a picture of their identity,” Bruton says. “That opens up a lot more fiscal opportunity for the criminal than a one-off credit card.”
Case in point: Anthem Healthcare, the second-largest health insurer in the U.S., fell victim to what it termed “a very sophisticated external cyberattack” in February. That meant the private information of 80 million customers and employees may well have hit the black market.
Against this backdrop, there’s also a lot more at stake for health-care providers and insurance companies. A new Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule in 2013 made organizations accountable for non-compliance and helped push them to outsource to providers like HOSTING.
“We make it easier for companies to comply,” says Bruton, noting that HIPAA “is so vague, you won’t find the word firewall anywhere in the bill.”
HOSTING has offered health-care organizations HIPAA-compliant services since 2008, but Bruton says the company has seen a “sudden uptick” in demand this year for its Healthcare Cloud.
“You’re seeing people saying, ‘Why am I in the data center game anymore?’” he notes. “It’s not something that’s in their wheelhouse. They’re focused on health care.”
Not that health organizations are free of any security responsibilities. Bruton uses the term “mutual accountability,” explaining, “I can’t make anyone 100 percent compliant.”
The Mental Health Center of Denver (MHCD) has been a HOSTING client since 2014. Dr. Wes Williams, MHCD vice president and chief information officer, says the primary motivation was the company’s former cloud provider couldn’t stem the tide of glitches, frozen screens and data loss.
While HIPAA compliance is a prerequisite for MHCD’s information-technology providers, Williams says it’s the sudden rush of new business from the Affordable Care Act’s Medicaid expansion that makes HOSTING invaluable.
The number of Coloradans covered by Medicaid rose from about 100,000 in January 2014 to nearly 175,000 in January 2015, Dr. Wes Williams notes. “That’s led to rapid growth in the population we can serve.”