Healthcare, HIPAA and the Cloud, Part 1: Data Management and Primary Storage

When you think about healthcare and data, the first thing that likely comes to mind is HIPAA. Ever since it was enacted in 1996, the Health Insurance Portability and Accountability Act has had a large say in how healthcare organizations treat sensitive patient data.

From the time you’re checked in, to any procedures or imaging you have done, to discharge, prescription, and payment data, HIPAA is all about keeping your information private and secure throughout the data lifecycle.

As data management technology has advanced, it has helped healthcare companies deal with these regulations and stay compliant. With the cloud and managed service models now becoming mainstream solutions for data and industries of all types, it’s a good time to check in on how cloud and as-a-service offerings — including software as a service (SaaS), infrastructure as a service (IaaS), backup and recovery as a service (BRaaS), and even object storage as a service (STaaS) — are helping healthcare organizations stay HIPAA compliant while making their everyday data management much more efficient.

In this two-part series, we’ll look at patient information throughout its lifecycle, from management and primary storage, to backup and disaster recovery, to learn more about how healthcare companies can benefit from the cloud and managed service options for data that has to be HIPAA compliant. Part 1 will address overall data management and primary storage; Part 2 will look at backup and disaster recovery.

Data Management

The benefits of the cloud when it comes to healthcare are very similar to those in other industries: easy scalability, flexibility, security, and cost benefits. The difference with healthcare organizations is the information they’re putting in the cloud. Healthcare companies deal with an almost incomprehensible number of data types, and an almost incomprehensible amount of data. Just look at a typical hospital. It has all the billing, sales, and operational data that companies in other industries deal with, and on top of that it has ultra-sensitive patient data that helps it do its job and absolutely can’t be compromised.

The HIPAA requirements around this data differ, as well. Some has to be kept for seven years, other data for ten years, or even forever. This makes policy-driven information lifecycle management (ILM) absolutely critical. For example, many healthcare companies archive on tape and send it to a third-party archival system. This generally works, but requires IT resources to run the backups, ship the tapes, and complete all the other tasks involved. Then there are the storage costs, which can build up quickly as data loads increase.

Data management features as part of a cloud-based, as-a-service solution can eliminate this manual labor. Automatically backing up data at preset intervals, along with moving it from primary, to backup, to archive as needed reduces the load on the IT department. And with the scalability and cost benefits of the cloud, it’s economical as well.

Primary Storage

When it comes to the cloud and HIPAA, storage is the real low-hanging fruit. Medical images, for example, are generally large files that build up quickly. PACS — picture archiving and communication system — is the imaging technology used for storing, retrieving, and sharing all those MRIs, CT scans, ultrasounds, and X-rays. This data grows significantly, by the day, in most hospitals.

This type of information, almost by definition, is perfect for the cloud. Of course, the security required for these files has provided some obstacles until recently. Offerings and products have now become available that provide critical aspects of HIPAA compliance, like audit trails to verify exactly what information is held where, encryption at rest, and encryption in transit. If you look at some of the available vendor-neutral archive solutions, for example, many have their own mechanism for encrypting files before they ever go into a cloud environment.

The availability of solutions like object storage as a service (STaaS) has also made primary storage in the cloud a boon to healthcare organizations. With its greater flexibility and virtually unlimited capacity, object storage is a scalable, cost-effective storage solution that can help organizations keep up with their data, while providing the security that HIPAA requires.

Clearly, data management and primary storage are a great fit for cloud use when it comes to the HIPAA-compliant data that healthcare companies deal with. In the next blog we’ll look at how healthcare organizations can utilize the cloud and managed service offerings to manage data as it goes to backup and archiving, as well as disaster recovery.




Drew Woods
Senior Marketing Communications Manager
Key Information Systems