HIPAA BAAs and How They Apply to HIPAA-Compliant Cloud Hosting


By Laurie Head

AIS Network VP, Marketing Communications

All HIPAA/HITECH-regulated organizations in the process of selecting a HIPAA-compliant cloud hosting provider should expect their chosen vendor to sign a HIPAA/HITECH Business Associate Agreement (BAA).*

But here’s the rub.  It’s easy to find a cloud hosting provider who says, “Yeah, we’ll sign a BAA.”  However, it’s quite another to find a provider who is a HIPAA BAA expert and can help you understand what your BAA means.  AISN is that expert.

It’s critical for organizations to understand that it’s not enough to say, “Yeah, we’ve got a signed BAA.  We’re good!”  Your BAA is not just a piece of paper that you read only when a problem arises.  You should understand what you’re signing.

Why?  Under the new rule, your exposure to penalties is increased.  You’re responsible for protecting your PHI and ensuring that any subcontractors you use are also compliant.  If the cloud hosting provider whom you have chosen to access your electronic Protected Health Information (ePHI) fails an audit or commits a data breach, responsibility also falls on you.  (For this reason, it’s smart to get a network vulnerability assessment from an independent auditor who does not maintain the vendor’s network.)

How can AISN help?  Unlike most generalist and commodity hosting providers, AISN is a HIPAA cloud hosting expert.  We provide clients with the assistance they need to understand and comply with HIPAA/HITECH throughout all facets of the engagement process.  Before any ePHI and apps are moved to the cloud, AISN helps you put in place an appropriate and effective BAA – a policy that is highly specific to the data that we protect and the cloud hosting and services that we offer.  Then, our experts will guide you through the process of understanding your own rights and responsibilities, as well as AISN’s, as established under the BAA.

Have some questions about BAAs and HIPAA cloud hosting?  We can help.  Contact us!


* A HIPAA Business Associate Agreement (BAA) is a written contract between a HIPAA-covered entity and a HIPAA business associate (BA).  It defines the responsibilities of each party to safeguard PHI in accordance with HIPAA guidelines.  To learn more, see the U.S. Department of Health and Human Services’ expanded definition: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html

1 Comment »

Most Health Care Organizations Are Embracing the Cloud, HIMSS Survey Reveals


By Laurie Head

AIS Network VP, Marketing Communications

Our CEO, Jay Atkinson, had the opportunity to attend the annual HIMSS conference in Florida earlier this year and found it entirely exciting and educational.  For those of you who are not familiar with HIMSS, it’s a cause-based global enterprise that produces health IT thought leadership, education, events, market research and media services around the world.  It’s also quite an established group.  Having been founded in 1961, HIMSS encompasses more than 52,000 individuals, of which more than two-thirds work in healthcare provider, governmental and not-for-profit organizations across the globe, plus over 600 corporations and 250 not-for-profit partner organizations, that share the cause of transforming health and health care through the best use of IT.  

One of HIMSS’ latest endeavors is an inaugural, broad-reaching survey of health care organizations — all on the topic of cloud adoption and cloud services.  Released last month, the HIMSS survey found that nearly all cloud adopters in the health care industry plan to expand their cloud services at some level.  Areas for growth include archived data, disaster recovery and hosting operational apps and data.

I thought I would share some of the findings by reprinting the HIMSS press release in this blog:

80 Percent of Healthcare Organizations Embrace the Cloud


CHICAGO (June 16, 2014) – Results of the inaugural 2014 HIMSS Analytics Cloud Survey show the widespread adoption of cloud services among healthcare organizations across the U.S., with 80 percent of the 150 respondents reporting they currently use cloud services. The top three reasons for adopting cloud services include lower maintenance costs, speed of deployment and lack of internal staffing resources. The survey shows a positive growth outlook for cloud services as almost all healthcare organizations currently using cloud services plan to expand their use of these tools. To review the results in a visual format, download the infographic here: http://bit.ly/1nBsA6j

Half of the cloud adopters are hosting clinical applications in the cloud, primarily using Software as a Service (SaaS). Other typical cloud services include Health Information Exchange (HIE), hosting human resources (HR) applications and data as well as backup and disaster recovery.

“Cloud services have been long praised as a tool to reduce operating expenses for healthcare organizations.  The data presented in our inaugural survey demonstrates the healthcare industry’s eagerness to leverage this resource,” said Lorren Pettit, Vice President of Market Research for HIMSS Analytics. “With such a positive market outlook, we hope vendors will leverage the business intelligence gleaned from this report, continue working with providers to meet their needs, and help healthcare organizations provide the most cost-efficient care.”

Healthcare organizations take into consideration a number of factors when selecting a cloud services provider.  The top concerns for healthcare organizations seeking cloud services are the cloud services provider’s willingness to enter into a business associate agreement (BAA) as well as physical and technical security.

Even after a cloud services provider has been selected and the cloud services have been adopted by the healthcare organization, there are still challenges.  Two-thirds of healthcare organizations have challenges, including a lack of visibility into ongoing operations, customer service, as well as costs and fees.

Half of the respondents also identified performance issues, such as slow responsiveness of hosted applications as a problem, but were willing to work with their existing cloud service provider to resolve their issues, rather than switch to a new one.

Interestingly, a small fraction of respondents expressed a resistance to adopting cloud services (six percent). Of these respondents, nearly half cited security concerns as the primary barrier to their willingness to adopt cloud services.

“Many Healthcare CIOs and others have expressed their intention to use cloud services. However, there are some challenges related to use in healthcare and these are what we hoped to uncover,” said Lisa Gallagher, Vice President of Technology Solutions for HIMSS.  “Our next step is for the healthcare industry to work with cloud service providers to move forward together in addressing these challenges.”

To learn more about the findings for the survey, which examines the responses of 150 healthcare organizations – including medical practices, hospitals, and healthcare systems – visit the HIMSS Analytics website.

About HIMSS Analytics

HIMSS Analytics collects, analyzes and distributes essential health IT data related to products, costs, metrics, trends and purchase decisions.  It delivers quality data and analytical expertise to healthcare delivery organizations, IT companies, governmental entities, financial, pharmaceutical and consulting companies. Visit www.himssanalytics.org.


1 Comment »

Cloud Storage Market Growing to $46.8 Billion; Private Cloud Is a Driver



By Laurie Head

AIS Network VP, Marketing Communications

The total cloud storage market is expected to reach $46.8 billion over the next four years with a CAGR of 40.2%.  That’s according to a new market research report “Public/Private Cloud Storage Market (Incl. Cloud Storage Gateways, Backup and Recovery, Data Movement and Access, Data Replication, Hsm and Archiving, Security And Storage Resource Management Solutions) – Worldwide Forecasts and Analysis (2012 – 2018)” published by MarketsandMarkets.

Where’s all the growth coming from?  The digital data being produced by a huge number of small, medium-sized and large enterprises is increasing at a very fast pace, creating greater need for secure data storage systems. Cloud storage, which is a networked virtual pool of enterprise-class storage, serves the data handling needs of organizations by providing cost efficient data management and a secure and reliable storage infrastructure.

Also according to the report, the global private cloud market is expected to grow from ($5.6 billion in 2012) to $46.8 billion by 2018, at an estimated CAGR of 40.2% from 2013 to 2018.  North America commands the largest share; it had 60 percent of the overall cloud storage market in 2012 at $3.4 billion and that figure is expected to reach $21.8 billion by 2018.  That’s a CAGR of 33.8% from 2013 to 2018.

According to MarketsandMarkets, “The emergence of the digital trend has accelerated the volume, speed and variety of unstructured data generated, commonly known as Big Data. But, with the amount of data expanding, organizations face the challenge of storing the data securely and at a low infrastructure cost. This will force enterprises to migrate limitless amount of data and solutions to the virtual environment or cloud storage, without being required to spend too much on infrastructure.”

In the years ahead, the cloud storage market will continue expanding steadily largely due to the growth of Big Data.  Most enterprises, including small businesses, are rapidly adopting gateway tools to integrate into their existing architecture some means of cloud storage.  The process of doing this is becoming easier and easier, which is driving cloud storage adoption – particularly private cloud storage.

How can we help you integrate private cloud storage into your architecture?  Contact us for a free consultation.


1 Comment »

Mesh Networks: Bridging the Gap with Smartphones



Mesh Network

Mesh Network

By Donna Hemmert, VP Strategy

Trends like the Internet of Things are bringing more and more devices online and at breakneck speed.  Have you ever wondered how far Internet infrastructure can take us?  Is it infinitely scalable?  And even if it is, will it always scale at the speed we need it to? 

I have been researching Mesh Networks for a while and an article by Micha Benoliel on GigaOm came out this week that really makes some good sense.  His point? We aren’t keeping up with the gap between capacity and demand and we see the impact in the form of slow data connections and high prices on broadband Internet. He makes a good case for how Mesh Networks, using the Smartphone in your pocket, can bridge the gap. So, what are Mesh Networks and will they really make a difference?

Mesh Networks are wireless networks that rely on small number of access points (nodes) to connect users.  These nodes “talk” to each other to share the network connection across a large area.  These nodes are small radio transistors that use common WiFi standards like 802.11a, 802.11b and 802.11g.  This means they often use existing and/or inexpensive technology and can wirelessly connect a whole city or more.  Dynamic routing is utilized and data travels from node to node on the quickest and safest path.

Because  a Mesh Network is truly wireless, it is not like a traditional wireless network that require miles upon miles of Ethernet cabling – dug into the ground or in your walls in your home.  And with Mesh Networks, only one single node has to be physically wired to a network connection.  If that single node is wired, it can then broadcast and share its Internet connection wirelessly with many other nodes, which in turn share the connection wirelessly with the nodes closest to them.   The more nodes, the wider the mesh network goes…. get the idea?

Mesh Networks are getting a lot of attention for several reasons – they are cheap, they are easier to deploy, they rely on already prevalent WiFi standards, they are decentralized, and if one the data can’t take once path then another path can be used by hopping other nodes.

So back to Micha Benoliel’s recent article.  With a rising gap between capacity and demand, the smartphone in your pocket has all it needs to be a router.  Your smartphone can become part of a new generation of networks  - an actual node on a Mesh Network.  Can you imagine harnessing all that power?  As Micha put it, “It’s like crowdsourcing the network.” All it requires is the software and the willing parties.  Be sure to check out Micha’s article here and comment below.  What do you think?

1 Comment »

SharePoint and the Crypto Locker Virus



By Terry Engelstad, Vice President, Network Operations


Last month, a client emailed with the following question, “We have had reports of one of our external SharePoint users that ended up with a ‘crypto locker’ virus.  It is possible that documents from this infected computer got uploaded into SharePoint.  In cases like this what is your recommendation for virus scanning of the SharePoint servers/SharePoint databases ?  What preventive/corrective action needs to occur?”

That’s a great question!

At the time, the servers in question had Trend Micro AntiVirus running on them.  The virus patterns were being maintained current every day.

When I got this question, I reviewed the server logs, which indicated no viruses found.  It is unlikely that the servers would be infected by a virus.

SharePoint does not treat uploaded/downloaded files as active files.  It treats them as a binary stream which gets stored/retrieved as a BLOB (Binary Large OBject) object type in SQL Server.  Therefore, SharePoint itself won’t become infected.  But, as this client hinted, uploaded documents could be infected outside of the SharePoint server.

There are third party products which could be installed on the server and those would scan uploaded/downloaded documents.  If a client is interested, why not explore the options?

Just remember:  Preventative action should include a mandate of properly installed anti-virus software on every client to whom you give out credentials.


1 Comment »