Cloud computing reduces HIPAA compliance risk in managing genomic data

By Lee Bendekgey
September 04, 2013
08:14 AM

There is no question that the resources required to process, analyze, and manage petabytes of genomic information represent a huge burden for even the largest academic research facility or healthcare institution. That burden becomes even greater when one factors in the need to handle these data in compliance with an alphabet soup of regulatory regimes: HIPAA, CLIA, GCP, GLP, 21 CFR Part 11, and their counterparts outside the United States, including data privacy laws in jurisdictions such as the European community.

In this context, the use of cloud-based solutions to manage, analyze, store, and share data can provide some relief. Computer and storage resources are instantly available on demand. There is no need to lease brick-and-mortar facilities, purchase equipment, or hire staff to maintain them.

Despite the advantages of cloud computing, organizations are often hesitant to use it because of concerns about security and compliance. Specifically, they fear potential unauthorized access to patient data and the accompanying liability and reputation damage resulting from the need to report HIPAA breaches. While these concerns are understandable, a review of data on HIPAA breaches published by the US Department of Health and Human Services (HHS) shows that these concerns are misplaced.  In fact, by using a cloud-based service with an appropriate security and compliance infrastructure, an organization can significantly reduce its compliance risk.

A HIPAA Primer

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), protects “individually identifiable health information,” which the rule calls “protected health information,” or “PHI.”  

Opinions differ as to whether a human genome, stripped of identifiers such as name or social security number, constitutes PHI. Whether these data constitute PHI depends on whether there are sufficient publicly available reference data sets to create a “reasonable basis to believe” that a genome can be associated with an identified individual. Recent publications suggest that if these data are not currently classified as PHI, they will be soon [1].  As a consequence, organizations that handle genomic data are well advised to implement systems that treat a whole genome as PHI, even if public reference data sets are not yet common enough to make it PHI today.

Entities that are obligated to comply with HIPAA are often particularly concerned with the obligation to report HIPAA breaches and the associated potential harm to their reputations. These reporting obligations create powerful incentives for organizations to implement systems and processes to reduce risk.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

India to harness ABDM data to develop public AI
South Korea to digitise medical image exchange system
ASTP intros 2024 draft Federal FHIR Action Plan
VA must strengthen controls addressing EHR performance
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards