hipaa
is icloud a "HIPAA-ready" or "HIPAA-certified" provider?
Not by anything Apple has published about it, no. It is a consumer service, not an enterprise or commercial grade service, so I would highly doubt Apple has invested the resources and legal effort needed to ensure HIPAA compliance.
The only formally HIPAA compliant cloud services I've ever heard of are for-fee commercial sites.
Have a look at http://datashieldcorp.com/2013/04/09/compliance-and-the-cloud/
There are not many companies interested in taking on the legal obligations of claiming online storage services as HIPAA compliant - it is a corporate lawyer's nightmare, I would imagine, to be a company willing to go out on a limb and claim HIPAA compliance of private users' data.
I work with HIPAA data. They tell me I cannot have any data on any device that is not secured by *company approved* methods, and can *only* use online backup methods and servers that the company has set up for me.
Given the HIPAA violation penalties (10s of thousands of $$ in penalties, federal prison, loss of employment ...) I would stick with what *your company* approves.
as much as i appreciate all of your input, i am at a loss.
i am a healthcare provider in a solitary practice. i use ical on my iphone to post appointments for my patients
and would subsequently sync to my macbookpro's ical.
i upgraded to Mavericks and now cannot sync via a hardwire. Apple has decided to only allow ical syncing
via the cloud.
you can see my dilemma. i'm screwed. and reasonably filled with ANGER.
my calendar is useless.
I had HIPAA training when it was first being introduced, although I no longer work with HIPAA data.
Unless things have changed, I do not see how having someone's name on a calendar for an appointment at a specific date and time even falls under the HIPAA regulations? Nothing in my training would lead me to believe that such benign information as a simple appointment falls under HIPAA purview at all. HIPAA covers personal medical data, not someone's appointment schedule.
Unless you were storing patient notes in Pages on iCloud or something like that, I cannot see any reason why you cannot use any online calendar synchronization service you wish to for your patient's appointment calendar. Appointments are not medical data. My family doctor sticks appointments up on a web calendar.
As Michael Black points out, the type of data is the driver in this case. What is PII (Personal Identifying Information -- I did take my refresher training this year 😉) and what is not is the dividing line. There is a chance that connecting the person to the doctor may leak something, or notes about the person's age in the appointment notes could get dicey. But then I am not a HIPAA lawyer.
It is not just the PII, but it must be a PII that links that person to actual medical information. A patient's name is an official and defined identifier (there are what, like 15 or 20 such identifiers?), but if it is used in a context that does not nor cannot link it to any actual medical information, then it is not under HIPAA.
So an appointment in a calendar stored somewhere for Joe Nobody at Date&Time whatever is not covered under HIPAA at all as far as I could see (as long as, as you mention, there is no linked file to a note or full address or something).
When scrubbing data from the official database for use in a more-public testing database, even age was a factor if beyond a particular age. I was directed to get guidelines for each data-type and even had to "randomize" name/age/county/city with Oracle PL/SQL functions and DB tables. Apparently some counties in some states have so few people that county alone can be considered PII, either by contact-phone-number or address.
I take a paranoid view on these matters because I like my job.
again, i appreciate the points you all have raised, but my ical stores not only the party's name, time, date, but the notes were used to store the contact phone number, the medical issue at hand, and the appropriate therapy i would be providing for them. sometimes, i would store other information based upon the consultation with the party at the time of service. i did this so i could, at a glance look at my schedule and prepare for my appointments with the proper logistics.
as of now, i have a couple of months of appointments in my ical / iphone needing to be synced to my MBP.
my choices, are to
1. go into the phone and redact all therapeutic information from each and every appointment, and sign up for the cloud to sync the info, and then re-do all the info into my ical/MBP.
OR
2. un-install Mavericks and re-install an older OS for hardwire syncing.
OR
3. buy software as suggested above to make my software in my Apple products actually function.
i don't relish any of these options. i really am disgusted with the short-sightedness of this change by Apple.
not everyone wants to cloud. i shouldn't be forced to cloud so my $1100 MBP and $$$ of the iphone will talk
to each other. it's so freaking frustrating and so totally NOT intuitive computing.
i value my privacy. i value my integrity of the information stored in my products. i value my work, and
the trust my patients have in me.
i have no idea who controls the cloud and who has access to the data in it.
i am not pleading for a new feature that doesn't exist; i want the feature that USED TO EXIST
that would keep my data private and secure, and btw that was FREE.
I apologize if my comments are seen as "preaching" or "judgemental". I only speak from the pragmatic position I am put in by my current account assignment.
You might consider this solution to restore local syncing with your Mac: http://www.macworld.com/article/2061183/itunes-ios-syncing-gone-solve-it-with-server-.html.