HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Outsourcing IT to HIPAA Compliant Data Centers is a Viable Solution

Healthcare organizations are facing an increasing financial and logistical burden as a result of stricter HIPAA privacy and security rules. Additionally, as the volume of electronic data increases, healthcare organizations must allocate extra resources to their IT departments to ensure that the data is protected and IT systems are made more robust.

Most healthcare centers operate with strict budgets and often there are insufficient funds to develop the necessary IT infrastructure to ensure HIPAA compliance; however with audits being conducted by the Office for Civil Rights, doing nothing is not an option. Heavy fines are being issued for each instance of non-compliance found by the OCR which are far in excess of the cost of upgrading current systems.

In order to comply with current regulations, healthcare organizations must either invest in their IT departments and upgrade their existing data centers, or if this is not viable, construct new data centers and incorporate the latest technology, hardware and software to ensure the ePHI of patients is properly protected.

There is also a third option, which has recently been successfully adopted by Michigan Multispecialty Physicians (MMP). By outsourcing co-location to a managed HIPAA compliant data center, MMP has increased its ROI on internal IT resources, improved efficiency and ultimately improved patient care.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The problems faced by MMP were not unique. Many healthcare organizations simply do not have the physical space to increase the size of their data centers to cope with increasing IT demands. It is not just a case of increasing the number of servers as MMP discovered.

The heat produced by the hardware required the installation of new cooling systems and as the IT demands grew; its data center was struggling to stay operational. New HVAC systems were required just to keep the existing servers operational, as under the current HVAC systems servers were frequently overheating and shutting down.

Along with the increased needs for new hardware, MMP was also faced with increasing burden to make sure that all of its systems were compliant with HIPAA, which included creating and documenting an IT disaster recovery plan, implementing new data security measures, controlling access to the data – both in standard operating environment and while running emergency procedures – as well as business continuity planning.

According to MMP Director of Information Technology, Erik Yochum, “We were feeling the pains of a growing company and outstripping our data center capacity. We were facing electrical, heating and cooling issues as well as running out of physical space.”

For MMP, outsourcing its IT requirements was the most logical choice and the decision was made to transfer the management and storage of its electronic data to Online Tech’s HIPAA compliant data center.

MMP has since enjoyed a significant return on its investment in IT and has managed to substantially cut costs. It no longer needs to pay to rent space for its own data center and suffer a loss, but instead it has reallocated the space to income generating uses.

Without an in-house data center, existing IT staff have been reallocated to other projects which are helping to improve response times and improve efficiency, which in turn means better patient care. Network administration staff has been reassigned to projects aimed at improving the end user experience and the move has enabled it to develop more intricate and useful systems to improve efficiency within its hospitals and clinics.

The outsourcing of the data center involved an instant upgrade to a 3-tier system and full HIPAA compliance. All hosting, network and security measures are now taken care of by Online Tech and MMP is assured that all of the physical and technical safeguards are in place to protect ePHI of patients, as required by HIPAA regulations.

More reliable IT systems are now being used which has greatly increased server uptime and access to data has been improved. Online Tech’s high availability power architecture also ensures that a failure in power supply will not affect data accessibility. A fully HIPAA-compliant IT disaster recovery solution and off-site data storage and backup is also provided by Online Tech.

Any organization struggling to meet the demands placed on it by HIPAA regulations could benefit greatly by outsourcing its data centers. Without the need to invest heavily in new hardware, the money saved can be put into keeping up to data with the latest technology and improving the end user experience. For MMP the move has been a great success and has eased both the administrative and financial burden placed on it by HIPAA data privacy and security rules.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.