Blue Cross Among the First to Work Around HIPAA and Into the Cloud
Blue Cross Blue Shield has managed to balance HIPAA regulations, business concerns, and IT issues while transitioning to the cloud. For any healthcare company to match their success in that endeavor, they’ll need comprehensive and proactive capacity management.
Part of what’s slowed the healthcare industry’s transition to the cloud has been the onerous, but entirely necessary limitations placed upon it by HIPAA regulations. Blue Cross Blue Shield (BCBS) has been among the first major healthcare insurance providers to migrate critical services to the cloud while successfully navigating the murky waters of HIPAA’s privacy legislation.
Industry professionals should follow their lead with the understanding that cloud migration is not simply a legal hurdle, but also an operational and technological one. To ensure that those three needs are met, you need a reporting system that can comprehensively monitor both data and IT systems. In short, a proactive capacity management system can dramatically increase the chances that your cloud systems not only work as-intended for HIPAA compliance, but generate sustainable returns for your business once moved to the cloud.
TechTarget recently interviewed the architect behind BCBS’s still ongoing transition to the cloud, manager of the information governance office Matthew McClelland — and his advice for other healthcare organizations is equal parts practical and philosophical.
McClelland says the decision to migrate into Office 365 and Azure came from a need to both drive down costs and to re-orient the company’s operations to prepare for a cloud-based future. “From an information governance perspective, exploding volumes of data require changing your mindset… We were a traditional insurance company that's 80 years old, and we act that way sometimes.”
For such companies, traditional records systems do a poor job of handling the sheer magnitude of data in today’s digital health markets. Protecting that data is essential to establishing the trust of patients, as well as a critical component of HIPAA compliance. In fact, data breaches are all too fresh for BCBS; just last year, hackers gained access to health records (including SSN info) at Anthem, a BCBS-affiliated insurer, affecting as many as 80 million patients, according to Forbes.
Legal departments can offer a framework for approaching HIPAA compliance laws, but they obviously can’t solve the problem themselves — it’s fundamentally a technological issue.
So what’s Blue Cross’s secret for aggressively and confidently moving cloudward? McClellan says, “The big key is that you have to align IT, legal, and the business. You have to be connected to legal to understand changes in the law, and be connected to the business to understand their needs.” In keeping, he argues that without software to organize the massive amounts of data involved, “you'll never get anything done. You need a tool that will report back to you on what's there, based on the guardrails you have created for it, based on your regulatory requirements.”
In essence, this would have to do capacity management by culling data from each of your IT systems to determine both the current performance of applications and systems and their risk for future problems. It must be cost-effective for healthcare and insurance companies to support not only their current systems in the cloud, but additional safeguards and processes that ensure legal compliance and security.
With this kind of ability to proactively manage IT infrastructure, McClellan says that the BCBS IT department could not only avoid risks and reduce costs, but provide additional value for the business. In turn, they can get insurance products to market faster, streamline processes, and provide better value to their customers.
(Image credit: Donald Tong/Pexels)