Member PHI Can Be Stored On An External Hard Drive Or A Cloud Storage Service Like Google Drive Or Apple Cloud.

Storing Member PHI Securely

Using External Hard Drives

One option for storing member protected health information (PHI) is to use an external hard drive. There are some advantages to this approach:

  • External hard drives provide a physical separation from your main computer system. If your computer is compromised by malware or unauthorized access, the external drive may still remain secure.
  • External drives are portable, allowing you to store them securely or take them offsite as part of a data backup plan.
  • Large external drives provide abundant, inexpensive storage space for archiving member records.

However, there are also some downsides to be aware of:

  • External hard drives are still vulnerable to physical theft, damage, or failure. Proper encryption and physical security measures should be used.
  • It can be time-consuming to manually back up data to external drives.
  • If not properly cataloged, finding specific member records on a large external archive can be difficult.

Using Cloud Storage Services

Another option is to store member PHI using a cloud storage service such as Google Drive or Apple iCloud. Some potential benefits include:

  • Cloud services provide offsite backups that remain accessible from any internet-connected device.
  • Shared storage space facilitates collaboration within a healthcare organization.
  • Cloud storage providers have robust physical and digital security measures in place.
  • Cloud storage space can scale easily and quickly as storage needs change.

However, there are also risks around using cloud services for PHI storage:

  • Uploading sensitive data to a third-party service creates multiple potential access points for attackers.
  • Most consumer-grade cloud services are not HIPAA compliant by default.
  • Cloud service outages can disrupt access to member records.
  • Extensive configuration may be required to manage user permissions and prevent accidental data leaks.

Mitigating the Risks

If external drives or cloud services are used to store member PHI, steps should be taken to mitigate potential privacy and security risks. Some best practices include:

– Enabling full-disk encryption on external drives.

– Storing external drives in secure, access-controlled locations.

– Using enterprise-grade cloud services that are certified HIPAA compliant.

– Configuring restricted user permissions and data access controls.

– Employing comprehensive backup and contingency plans.

– Auditing regularly to identify suspicious access or activity.

With proper precautions, external media and cloud services can be safely leveraged to provide secure, convenient storage for sensitive member PHI. Ultimately, however, the healthcare organization bears responsibility for ensuring compliance and protecting member privacy.

Expanded Tips for External Hard Drives

Choosing the Right External Drive

When selecting an external hard drive for PHI storage, key factors to consider include:

– Storage capacity needed for your member record archives.

– Durability and lifespan of the drive.

– Data transfer speed.

– Physical size/portability of the drive.

– Presence of built-in encryption.

– Cost per gigabyte of storage space.

Setting Up a Backup Schedule

Regularly backing up the latest member records from your systems to the external drive is critical. Some best practices for backups include:

– Automating backups to run daily.

– Storing previous backup versions for point-in-time restore ability.

– Occasionally testing full restores from backups to validate they work.

– Storing backups separately from original data (e.g. offsite).

Encrypting and Password Protecting Drives

Enabling encryption and setting a strong password for the external drive provides an additional layer of security against unauthorized access to PHI if the drive is lost or stolen.

Additional Cloud Storage Tips

Understanding HIPAA Compliance

Review provider HIPAA compliance carefully before selecting a cloud storage vendor. Look for:

– Recent third-party audits of their security controls.

– Contractual guarantees of HIPAA-compliant handling of data.

– Transparency around data center security and operations.

Limiting Exposure

Only store the minimum PHI needed in the cloud – don’t use it for open-ended records storage and archiving.

Controlling Access

Leverage user/group permissions, access control lists, and other authorization features offered by the cloud provider to limit data visibility.
