Compliance and the Cloud

Whether we like it or not, the tech world is changing: ZDNet estimates that the amount of data in the cloud will reach 1.2 zettabytes (that’s 1.2 trillion gigabytes) by the end of the year. If written on DVDs, that’s enough to reach from the earth to the moon and back.

This is good in some ways: storing data in the cloud frees up physical space and relieves businesses and consumers of the burden of storing data on site. It is bad in others, because of the security nightmare it creates for businesses that must comply with data security laws.

Unsurprisingly, digital data — including data in the cloud — is subject to the same rules and regulations as physical copies of information. The HIPAA security rule mandates that businesses must:

  • Ensure the confidentiality and integrity of digital health records; and
  • Protect against threats and anticipated threats against that information.

This seems simple enough when dealing with digital data in-house. While it isn’t completely easy to keep such data secure, housing the data on-site provides at least some benefit to users hoping to keep information safe, because they know exactly where it’s stored and are able to use their own security measures to protect it.

But what about the cloud?

An article from Ars Technica last year investigated this question, looking at Apple’s iCloud and attempting to find out exactly how secure it is. Ars concluded that:

  • “Your data [on iCloud] is at least as safe as when it is stored on any remote server, if not more so”; and that
  • “If your Apple ID isn’t a widely-known email address . . . your iCloud data is effectively ‘safe’ from hackers”

Even so, given that Apple won’t reveal what encryption practices it uses, it would be unwise (and likely illegal) to use it or another service like Amazon’s Cloud to store any sensitive information. The fact is, given the way the current ‘public’ cloud is designed, it’s just not possible to guarantee compliance with HIPAA and other data security laws.

So where do we go from here?

While there are some companies that claim to offer HIPAA-compliant cloud storage, at this point, the risks that come along with not knowing exactly how your data is being stored may outweigh the benefits mentioned above.

Given the way things are going now, it likely won’t be long before we start seeing more widespread HIPAA-compliant cloud storage. Until that happens, though, it may be best to stick to more traditional methods of data storage. The way the health care system is designed now just isn’t conducive to cloud storage — yet.

In the meantime, DataShield can help your business maintain compliance. We offer compliance consulting and will make sure your data stays secure in this ever-changing tech environment. Contact us today for more information.
