Fielding Regulatory Change in a Cloud-Based World
By Jim Higgins
Jim Higgins is the CEO and founder of Solutionreach in Lehi, UT.
We all know that the United States has one of the most complex healthcare systems in the world — and much of this complexity comes from regulatory oversight. The vast number of rules and regulations that govern the industry can be absolutely confusing and overwhelming. Virtually everything that happens in healthcare is overseen by at least one regulatory body — and many tasks are overseen by multiple organizations. A recent study looked at the regulatory burden placed on health systems, hospitals, and post-acute care providers just by federal regulations and found that these organizations must comply with 629 independent regulatory requirements from nine different entities, and spend nearly $39 billion annually in efforts to stay compliant.
Some of the most important regulations have a huge impact on communication with patients. These are especially important to pay attention to, as patient communication is critical to practice success. Let’s take a quick look at some of the regulatory issues you should be paying attention to as you move into 2019.
What to Watch in 2019
The first step to staying compliant with all relevant laws and any changes is knowledge — you must understand what the laws currently say. The major regulations that you should be aware of related to patient communication include:
- HIPAA (Health Insurance Portability and Accountability Act)
- TCPA (Telephone Consumer Protection Act)
- CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act)
- CASL (Canadian Anti-Spam Legislation)
- PIPEDA (Personal Information Protection and Electronic Documents Act)
At this point, there is nothing official in the works for the upcoming year for the regulations listed above. However, the TCPA tends to be litigated a lot, so there could be some incremental changes or rulings that you may need to adjust to in 2019. Keep a close eye on that.
In addition, patient communication may be affected by some other upcoming changes, including:
- General Data Protection Regulation (GDPR). This is a European regulation that went into effect in May 2018, and governs privacy and the protection of consumer information. You will need to comply with these rules if you serve anyone outside of the United States in 2019 and beyond.
- California Consumer Privacy Act (CCPA). This is a California privacy law that goes into effect in January 2020. It adds an additional layer of compliance over HIPAA when it comes to patient data.
Finding ways to quickly (and affordably!) respond to regulation changes like these is critical to the success of your organization. This is one of the benefits of cloud technology.
Compliance and the Shift to Cloud-Based Technology
Cloud computing has changed the world as we know it — and healthcare is not exempt. Cloud-based technology has been embraced as a win for both practices and patients alike. Experts note that the use of cloud-based technology has been proven to reduce costs, improve backup and disaster recovery, and make data easier to access. Cloud computing allows information to be passed easily and quickly between providers, patients, and labs. With secure, yet simple access from any location and a lack of cumbersome software updates, cloud technology is scalable — meaning that small practices can take advantage of the same technology that large enterprise organizations do without hassle. It’s easy to see why 84 percent of healthcare organizations use cloud-based services and 69 percent have plans to expand their use of the cloud.
How Does Cloud-based Technology Impact Compliance?
Cloud computing has been nearly universally embraced as a way to improve an organization’s performance, accessibility, and revenue. But it is also very good at responding to change quickly and effectively. Think about it — vendors can roll out updates and changes much faster on the cloud than on old-fashioned, server-based systems (which have to be physically visited on site). In healthcare’s regulation-filled world, this speed and flexibility can be a huge benefit.
But is it Really Safe?
It hasn’t been that long since many healthcare professionals worried that using the cloud was far too risky. The thought was if all of that data isn’t locked down securely on your site, how could you be certain that the information was safe? If you could access it from anywhere, couldn’t cyber criminals do the same? Fortunately, the answer to that is a big NO.
According to one study, 91 percent of businesses said the cloud actually makes it easier to meet government compliance requirements. Data that was once stored in a physical location is now protected by advanced encryption methods online. This encryption makes sensitive information more difficult for unauthorized parties to access. In addition, the government has set up processes for organizations to take advantage of cloud-based services while staying compliant.
What should you do to ensure compliance when working on the cloud? HHS recommends the following:
1. Make sure the service provider enters into a HIPAA-compliant business associate agreement (BAA).
2. Address specific concerns in a service level agreement (SLA).
3. Select a vendor that is reputable and experienced.
There are two truths healthcare organizations must acknowledge: Government regulations will always be a big part of the industry. And taking advantage of consumer-driven technological advancements (like the cloud) is critical to the future success of healthcare practices. Fortunately, these two facts are not mutually exclusive. With a little legwork, it is possible to stay ahead of regulatory change while still meeting the demands of today’s digital world.