Citrix Addresses HIPAA Compliance With ShareFile Cloud For Healthcare

With the recent updates to the Health Insurance Portability and Accountability Act Omnibus, Citrix ShareFile unveiled on Tuesday its updated and new virtual private cloud solely for the healthcare market.

ShareFile, owned and acquired by Citrix in October 2011, offers a file-sharing, cloud-based storage platform. The Raleigh, N.C.-based company is leveraging the latest ShareFile Cloud for HealthCare to healthcare providers in keeping up with Protected Health Information (PHI) compliance, said Cameron Jahn, product marketing manager of Citrix.

"HIPAA compliance is a partnership between ShareFile and customers and we wanted to be transparent as possible to educate our customers around it," said Jahn. "It’s a confused marketplace with a lot of different legislation in the healthcare space that has recently come down to how you have to protect and secure health information when transmitting and storing it."

Among the different vertical markets Citrix covers with ShareFile, the company is currently involved with 1,500 healthcare organizations, said Jahn. While ShareFile is run on Amazon Web Services (AWS), Citrix divvied ShareFile Cloud for Healthcare to its own set of virtual servers just for PHI.

[Related: Obamacare Site Not HIPAA Compliant, Doesn't Need To Be ]

"Before we had all of our industries in AWS but with compliance use cases and large penalties in place, we felt it was a significant enough use case to segment it out, put healthcare into its own," said Jahn. "Once a customer comes to us with PHI, and signs our Business Associate Agreement, we segment out their data into a dedicated virtual private cloud," said Jahn.

According to Jahn, some health care organizations are still inattentive and oblivious to the HIPAA Omnibus rules. Not adhering to the rules will result in hefty fines, said Jahn.

"Basically, there is a lot of unawareness in the marketplace around what needs to be done in remaining compliant with the HIPAA Omnibus Rule," said Jahn. " Being unaware of the laws is not acceptable anymore, and the fines could be up to a couple hundred dollars to $50,000. If you're willfully negligent, the fines can carry up to a million and a half dollars."

By simply signing the Business Associate Agreement, a contract between ShareFile and the customer, healthcare organizations storing and protecting PHI will benefit from ShareFile Cloud for Healthcare, said Jahn. It is also available for all ShareFile accounts at no additional cost.

"This will benefit anybody in healthcare, in the insurance space with claims, legal space with medical malpractice, and finance space with investments," said Jahn. "Anybody using ShareFile Cloud for Healthcare [is] technically compliant with the HIPAA rule. There is additional security because it's a dedicated virtual private cloud in Amazon only for PHI and increased privacy, protected by ShareFile's Business Associate Agreement."

NEXT: Cloud Reduces Cost For Healthcare Organizations

ShareFile Cloud for Healthcare will also help organizations reduce costs, said Jahn.

"If I'm a standard hospital and haven’t moved to the cloud, I have a lot of investments in network equipment, servers and gears in my data center that I need to maintain, update and have a staff of IT professionals manage it," said Jahn. "By moving to cloud, you're lowering the overall cost."

Donna Grindle, president and CEO of Kardon Technology, a Citrix partner of four years, believes the new Citrix ShareFile Cloud for Healthcare will benefit the Tucker, Ga.-based HIPAA Compliance IT consultant's customers.

"We can't risk a security breach when we do HIPAA compliance services as a core part of our business. I need a solution that works securely for my small business that I can count on, too," said Grindle. "[This] allows [my customers] to meet their HIPAA security requirements when sharing data with other parties quickly and affordably. Under the new rules, you can't afford the assumption that other services are properly secured."

With PHI there is risk and it must absolutely be safeguarded, said Grindle. "We all understand the serious implications identity theft has on your financials. With PHI, you get the patient's identity plus their medical history and insurance information," said Grindle. "You can cancel a credit card that someone uses fraudulently in your name [but] there is no way to cancel your medical records. Those records are designed to stay with you forever."

For the future, Citrix will adhere to customer demands in the healthcare market, said Jahn. With ShareFile Cloud for Healthcare, HIPAA compliance is taken seriously, with extra measures taken to ensure that customers are meeting those regulations.

"With the ShareFile Cloud for Healthcare, we've taken extra steps to comply with the HIPAA Security Rule. We even had our systems assessed by an independent, third-party security consulting firm, Sword & Shield Enterprise Security, to make sure we're supporting our customers' efforts to meet HIPAA regulations," Jahn said in a company blog.

"This is the leading edge of our vertical strategy as we will add more additional features and functionality to meet our customers' demand in specific markets like legal, finance and accounting," said Jahn. "More specifically PHI, we will be going deeper into vertical strategy and will be doubling down in healthcare next year."

PUBLISHED NOV. 14, 2013