How managed services and the cloud can help you with HIPAA compliance (Part 2)

Managed Services, HIPAA, CloudThe drivers that are leading healthcare organizations to look at cloud and managed service options are many of the same that drive organizations in any industry: cost savings, simplified data management, and increased flexibility and scalability. As discussed in part 1 of this series, HIPAA compliance means that healthcare companies often need a few more features around security and data privacy to feel comfortable implementing a cloud or managed service solution.

In part 1 we looked at two areas that are already big drivers for healthcare companies to move to the cloud with a managed service solution: data management and primary storage. In this blog we’ll investigate backup and disaster recovery as a service, where healthcare companies have felt comfortable implementing these technologies, and where they still have a way to go.

Data backup

HIPAA rules are tight when it comes to data security. Since backup solutions have had the ability to encrypt data for a while, moving this information into cloud backup has been an easier transition for healthcare companies to make than for much of their other data.

Since these data volumes are large, there are other huge benefits managed service offerings in the cloud provide. IDC recently found that 30 percent of a typical organization’s IT budget is spent on data storage, with 60 percent of that storage space taken up by copies of data. The ability of backup as a service solutions to reduce duplication, like HP Store Once’s federated deduplication, can vastly reduce the footprint a company needs to store its sensitive data. Then, of course, there’s the virtually unlimited scalability of the cloud, for the data remaining that still needs to be backed up.

It’s important not to ignore the backup processes themselves, as well. According to HP, almost two-thirds of backup processes run more than 12 hours, and the failure rate is more than 5 percent. This isn’t surprising, given the vast amounts of complex data types that healthcare organizations have to back up. With solutions, like those from HP, that allow for quicker, more fail-safe backup processes, backup is less painful, and less likely to be compromised in any way. And features like deduplication that can seriously reduce the total volume of your backups, it’s no wonder the cloud has become a go-to for many healthcare organizations looking for easier backup solutions.

Disaster recovery

With the increased adoption of the cloud for primary storage and backup of healthcare data that needs to be HIPAA compliant, it might be surprising to hear that adoption of the cloud for disaster recovery is almost non-existent when it comes to data that needs to be HIPAA compliant.

There are a couple reasons for this. First, not all of the sub industries and organizations involved in healthcare have a good way of moving production to the cloud. Some healthcare apps, for example, are run on-premise and aren’t cloud friendly yet. If your DR system involves failing over to the cloud until on-premise is restored, those apps can be troublesome.

The second reason involves governance. Regulations require close tracking of a wide range of sensitive, personal data. While tracking can have some gateway into your cloud environment, when you consider virtual machines, for example, tracking can get a little more muddled.

That’s not to say that DR services are a non-starter for healthcare when it comes to HIPAA compliant data, there’s just more caution that needs to be taken. For example, organizations may be concerned about recovering into any sort of shared environment, or even running a production workload on a shared machine.

Therefore, some medical organizations are now looking more at managed DR options when they don’t want to do it themselves. KeyInfo, for example, can provide dedicated, managed environments. This provides many of the benefits of the cloud — including cost savings, scalability, and reduces management hassle — while also giving companies a dedicated environment.

HIPAA fundamentally changed how healthcare organizations treat, manage, and store their data. Likewise, the advent of proven, secure cloud and managed service solutions, including SaaS, STaaS, and BRaaS, has revolutionized how healthcare companies deal with this data. As healthcare organizations become even more comfortable with the cloud, and running certain apps there, adoption of cloud DRaaS solutions will surely rise. For now, making use of other cloud service technologies has allowed healthcare companies to offload many data management, storage, and backup tasks to focus on their core mission: patient care.

Contact us to see how KeyInfo can help with your HIPAA compliance initiatives.


Drew Woods
Senior Marketing Communications Manager
Key Information Systems