HIPPA hiccups in the cloud are more noticed today. Everyday there is an announcement of a breach of the mandate. Personal and financial data stored in the cloud, is being disclosed daily to third parties and a number of data breaches are reported. The cause is attributed to sheer carelessness or malicious intent. The breach announcements that find their way into public domain are few compared to the actual number of breaches that really occur and remain unacknowledged. A report by the American National Standards Institute indicates that more than 18 million Americans have had their personal information stolen in the last two years.
The costs associated with HIPPA breaches are quantifiable. Companies encountering the breach are faced with large payouts. Individuals affected by the breach must be notified at company cost and insurance premiums increase dramatically. The reputation of the organization is placed in jeopardy as customers are wary of the organization and its security procedures. Operational costs increase as the staffs have to be trained to prevent future breaches and mitigate the impact of the current breach. Legal consequences may include lawsuits. It is infinitely better to secure the organization’s data stores against breaches than face the outcomes of a breach! The cost of a breach is often crippling and often larger than the cost of investing in a security system that prevents the breach.
The blame buck cannot be passed. The burden of data security in the cloud lies with the service provider, but the responsibility for the customer data lies with the enterprise. Neither party can afford to compromise the security of the information. While the service provider must ensure that there are sufficient security protocols built into the cloud systems on offer, the subscriber to the service must ensure that third parties to the data never gain access to the data in any manner—direct or indirect. They must ensure that the security systems are sufficient and even the service provider cannot gain access to the information stored in the enterprise databases. In the event of a HIPPA breach, the service provider and the customer will be held equally responsible for the event. Both parties will lose reputation and be faced with litigations that can prove burdensome.
So, if you are hic-hic-hiccupping with HIPPA, it is time to focus your attention on the provisions of the legislation and ensure that your cloud service provider or your data systems are not vulnerable and breaches do not occur.