Verizon launches HIPAA-compliant eHealth cloud service
The hosted service includes a business associate agreement
Verizon's Enterprise Solutions group today unveiled a cloud services portfolio for the healthcare industry that it said can meet federal Health Insurance Portability and Accountability Act (HIPAA) requirements for safeguarding electronic health information.
Verizon is building its new SaaS and hosted services off its acquisition of cloud services provider Terremark and security services provider Cybertrust. Verizon is using two former Terremark data centers in Miami, Fla., and Culpeper, Va.
The new health-care-enabled services are: Colocation, managed hosting, public enterprise cloud and enterprise private clouds.
The Verizon data centers meet HIPAA security controls as well as other security requirements, according to Dr. Peter Tippett, chief medical officer and vice president of Verizon's health IT practice. Not only do the facilities meet HIPAA's physical security standards, Tippett said, but they comply with policy standards, meaning employees are trained in handling sensitive patient data.
The healthcare industry is notoriously wary of using third-party technology providers for fear of data breaches involving sensitive patient information. For example, only 16.5% of healthcare providers use any public or private clouds, according to research firm IDC. By comparison, 25.9% of financial services companies, another highly sensitive marketplace, use either public or private clouds, according to IDC.
Like a medical billing company that becomes a business associate of a healthcare provider, Verizon said it will sign a business associate agreement (BAA) with its customers showing it is HIPAA compliant.
"Healthcare is in the dark ages when it comes to the use of IT," Tippett said. "When your doctor refers you to another doctor [in another healthcare system], they typically dictate a letter and send it to the other doctor by mail. The only legacy technology that get a pass on security and privacy of HIPAA is the fax and telephone.
"HIPAA doesn't necessarily require a BAA for storing data, but ... having a BAA for data future-proofs the cloud strategy for the healthcare organization," Tippett said.
Through cloud services, healthcare professionals can collaborate, share patient information in near real-time and store large volumes of data for electronic health records and radiology images. In addition, healthcare organizations can centralize data so they can operate more efficiently, Tippett said.
While most large vendors such as IBM, Cisco, and Dell offer cloud services for healthcare, Verizon said it has separated itself from competitors by offering a BAA. Doing so makes Verizon as culpable for data loss or breaches as the healthcare company.
Lynne Dunbrackan, an analyst with IDC Health Insights, said she was unaware if any other public cloud offerings that offer BAAs. She call the move an important differentiator.
"Two-thirds of data breaches can be attributed to the theft of a device. That speaks to policy. And, that's part of the program Verizon is offering by training its employees. They've got a programmatic approach," she said.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian or subscribe to Lucas's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about healthcare it in Computerworld's Healthcare IT Topic Center.