hipaa cloud compliance

Choosing a data storage solution for healthcare organizations: cloud, onsite or hybrid?

Still a complex task, data storage for modern healthcare organizations is less of a hassle than it used to be – thanks to the evolution of technology. Data storage options for healthcare organizations have evolved away from traditional data silos and more towards the cloud. However, the question remains whether cloud-hosted data solutions are the best option for healthcare organizations with sufficient room for on-site data storage.

There are several factors to consider when deciding between cloud storage and on-site data storage, given the data security considerations unique to healthcare organizations.

Compliance with HIPAA regulations

When it comes to cloud-hosted data storage, compliance is a core concern for healthcare organizations – especially considering the consequences of proven data breaches. One recent example points to the $100,000 fine levied to the  Utah-based healthcare facility for non-compliance with HIPAA data security measures.

Notwithstanding, the need for compliance is not limited to cloud-hosted solutions. There is an equally pressing need for the implementation of adequate security measures for physical data, the hardware used for data housing as well as the physical location of the data center.

The key difference between compliance requirements for on-site data storage compared to cloud data storage is that with on-site data storage, physical involvement in implementing security measures creates an awareness of current levels of protection. With cloud-hosted data storage, this awareness is often limited to the data host, while the facility/healthcare organization remains liable for any data breaches.

Data privacy

The 2013 completion of the NSA’s data Utah-based data center brought the issue of data privacy to the limelight – for many, for the first time. For residents, the physical edifice represented mass surveillance, big data, and a general uncertainty over how to deal with both.

While the NSA’s data center represents a physical reminder of data storage, the beauty of cloud-hosted data lies in its ability to offer the same service (data storage) conveniently, and without the cost associated with investing in expensive hardware.

There is another side to the coin, however. In the field of healthcare, where strict adherence to privacy regulations is paramount, off-site data storage can appear unappealing. For some organizations, the loss of control over actual data storage, and the idea of “inaccessible” digital records might be a huge deterrent to cloud hosting. For these organizations, a significant level of trust in the data host will be required to instill full confidence in cloud-hosted data storage as the right decision in this instance.

On-site data center cost considerations

There are significant financial and labor costs involved in setting up on-site data centers, which can appear prohibitive. However, for a better understanding of what the ‘true costs’ are, it is necessary to assess the key factors involved, to aid decision-making.

Key cost factors for on-site data centers

  • What is the cost of the computing hardware required?
  • Is there a reliable electrical infrastructure in place to avoid power outages? If not, what costs are involved in an upgrade?
  • What is the best way to integrate a cooling system to combat the inevitable high levels of heat generation in the physical space?
  • What security features will be implemented to keep the physical location secure from outsiders?
  • Are the firm’s existing operating systems and software compatible with the on-site data servers?

There is a need to take the organization’s budget and capabilities into consideration when evaluating the choice between cloud hosting and these key factors involved in on-site hosting. While some organizations will be better equipped to handle these challenges, a significant number of small and medium-sized health organizations may lack the time and funding required to set up an on-site data center.

With these in mind, it is also important to remember that hybrid data hosting is also an option.

The hybrid option tends to benefit organizations not financially equipped to fund an on-site data storage system, but which also prefer to keep legacy applications private in in-house data storage systems. Gartner, reports on the growing popularity of this set-up within the healthcare industry as it allows for partial on-site data storage as well as partial off-site cloud-hosted storage. Hybrid models allow small and medium-size health organizations to retain some control over their data, in a way that is not financially crippling.

In conclusion,  when it comes to the choice of data storage solutions for healthcare organizations, there is no one-size-fits-all solution. The important thing to do is to consider all of the pros and cons of each setup and take into consideration the resources and space you have available before settling on a particular data storage solution.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest

Leave a Reply