Cloud storage and HIPAA compliance

Cloud computing reduces reliance on internal resources, cuts manpower requirements, and frees you from administration and fixing problems.

However, not everyone will like the idea that, with cloud backup, the burden rests with someone else. Start with the compliance officer, who must ensure that all data storage, backup, and archiving strategies are in line with the many different regulations and internal policies that govern how data is stored and for how long.

Ensuring compliance for data storage is hard enough when storage is internal, but when you use a cloud system, you’re relying on the provider. If you’re in healthcare, for example, your internal strategies revolve around HIPAA, but if you’re a cloud provider, technically you’re not bound by the regulation. Because of these regulations, you will typically need a long-term data retention policy.

However, online backup services have often failed to meet long-term commitments. Several online backup services, including those run by very large companies such as Hewlett-Packard, have been unable to meet long-term storage strategies.

Another factor to consider is who has access to the data and how that access is governed. Compliance with HIPAA and other regulations calls for strict access controls to be in place.

To sum up, when opting for cloud storage, always take into consideration compliance legislation such as HIPAA or Sarbanes-Oxley, and opt for in-house management if there is any doubt.