Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Verizon Launches HIPAA-Compliant Cloud Services

Posted on October 4, 2012 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Last month, I shared some of Verizon’s big plans for the medical space with you, including their desire to become the industry’s default carrier of secure healthcare data.  This week, Verizon has launched its cloud service line, and I wanted to share some of the details on how it’s set up with you.

Verizon’s Enterprise Solutions division is offering five “healthcare-enabled” services, including colocation, managed hosting, enterprise cloud, an “enterprise cloud express edition” and enterprise cloud private edition. In addition to the services, Verizon provides a HIPAA Business Associate Agreement which, one would assume, is particularly stringent in how it safeguards data storage and tranmission between parties.

The new Verizon services will be offered through cloud-enabled data centers in Miami and Culpeper, Va. run by Terremark, which Verizon acquired some time ago. Security standards include PCI-DSS Level 1 compliance, ITIL v3-based best practices and facility clearances up to the Department of Defense, Verizon reports.

In addition to meeting physical standards for HIPAA compliance, Verizon has trained workers at the former Terremark facilities on the specifics of handling ePHI, Verizon exec Dr. Peter Tippett told Computerworld magazine.

You won’t be surprised to learn that Verizon is also pitching its (doubtless very expensive) health IT consulting services as well to help clients take advantage of all of this cloud wonderfulness.

Not surprisingly, Verizon notes in its press release that “each client remains responsible for ensuring that it complies with  HIPAA and all other applicable laws and applications.”  If I were Verizon, I’d be saying that too, and doubtless states the obvious. That being said, it does make me wonder just how much they manage to opt out of in their business associate agreement.  Call me crazy, but I think they’d want to leave as much wiggle room as humanly possible.

The bigger question, as I see it, is how big the market for these services really is at present. According to the Computerworld story, only 16.5 percent of healthcare providers use public or private clouds right now. Verizon may be able to turn things around on the strength of its brand alone, but there’s no g uarantees. I guess we’ll have to wait and see.

HIEs And Health Data Ownership

Posted on August 16, 2012 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Without a doubt, patient consent for release of medical data is going to be an immense headache for HIEs. Though they’re poised to extend their tentacles into hospitals and practices across the U.S., we’re still far from sure how we’re going to keep the walls firm between what data patients have released and what they haven’t.

As Forbes contributor Doug Pollack notes, it’s still not clear whether you can limit access to say, just the psychiatric notes in your chart while releasing the rest of the content.  Even if you can, setting such minute permissions within each e-chart is an IT nightmare.

That being said, there’s a bigger problem afoot, one which Pollack dismisses but I do not. My question is this:  who owns the data that travels across an HIE?  While IANALADWTB (I am not a lawyer and don’t wish to be), my research suggests that an already fuzzy issue is just going to get fuzzier.

While it may be beyond dispute that a patient owns the right to access their health data and control who gets to see it, who owns the patient data if an HIE breaks up?  The hospitals involved?  The doctor?  The patient?  Do they engage in a country-fair rope pull to see who wrestles down ownership?

And that’s only the tip of the iceberg. Consider that networking giants like Verizon Enterprise Solutions are planting their humungous stake in the HIE arena, and things only get more complicated.

Verizon just signed a deal under which it will manage the HIE infrastructure for Pennsylvania-based managed care giant Highmark, one which embraces more than a dozen hospitals.  If the HIE contract were to go sour, would Verizon just turn over its data backups to the hospitals, Highmark and affiliated physicians without a fight?   Or would it be to its legal advantage to stall, stall, stall while patients waited and hospitals fumed?

Regardless of how the law evolves on the matter, there are going to reasons for spats when partners representing different interests come together on an HIE.  I’m betting data control will lead to some of the biggest ones.

Things may go smoothly in the new era of HIEs, but if they don’t, the whole darned “sharing” thing could come crashing to the ground.  And hospitals that try to stand up to deep-pockets giants like Verizon and Highmark may live to regret it.