Cloud computing is not just on the healthcare horizon. Partial and pure-play cloud computing architectures are already serving healthcare information technology needs in the U.S.
…When it passed the stimulus act, Congress included several more stringent privacy provisions, including several taking direct aim at vendors of PHR systems, cloud-based on not. The new law sought to place PHR vendors under the same privacy and security rules as hospitals and office-based physicians and other so-called “covered entities” pursuant to the Health Insurance Portability and Accountability Act of 1996. Google and Microsoft Corp. have expressed varying degrees of reluctance toward acknowledging their PHR operations have HIPAA obligations…
Privacy advocate Deborah Peel said renting servers and storing healthcare information in large “ultra-secure facilities,” typical of cloud computing operations, “has always made sense to me. Servers in closets are going to go the way of dinosaurs. They just have to.”
But to allow a company to move healthcare data around a cloud “anywhere in the world is going to be a nightmare,” said Peel, a psychiatrist and the founder of the Austin, Texas-based Patient Privacy Rights Foundation.
“Where are the servers? If data is moved among various facilities, who certifies security among them? You get into the weakest link problem,” which, she said, might also include legal issues if the data is stored in a country with weaker privacy standards than the U.S. Not that the U.S. is a global paragon for privacy rights, according to Peel. “It’s kind of ironic to say they ought to be in the U.S., because the U.S. may not be the best place in the world, but it has to start somewhere,” she said.