File sharing and cloud computing, is it permitted under HIPAA?


By Aris Medical Solutions


With all of the new technology that we have access to, many vendors are targeting healthcare with promises of ease of use and the ability to communicate with other healthcare providers. Before you agree to “share” or open your “portal” you must ensure the vendor or service you are going to use actually understands HIPAA and the requirements.

File sharing and cloud computing are here to stay. As we move forward with sharing patient data amongst our peers, you will need to be vigilant with your security.

Here are a few things to review:

  1. Network misconfigurations are very common, review your data flow, including how data is transmitted and stored.
  2. Backup your data!
  3. When access is given to an employee, contractor, or vendor, once the need for access is no longer required, terminate their access credentials immediately.
  4. Although most providers do not think hackers are a problem for them, they are! Your network security is vital and you must use a trained professional to set up your network and your file sharing configuration. If your IT professional does not specialize in network security, then hire a network security auditor to conduct a vulnerability scan after you have implemented your systems. A good vendor will mitigate your risks as they scan your network.
  5. Make sure you have a HIPAA compliant business associate agreement in place.
  6. Review the service agreement. Make sure it includes specific business expectations.
  7. Invest in cyber liability insurance.

File sharing and cloud computing are wonderful tools that can be used in healthcare if setup properly and securely.


For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Practice call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

How to protect yourself from Ransomware

July 18, 2017

Websites – is your data secure?

August 15, 2017
©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC