Business cloud storage companies increasingly claim compliance with several U.S. information laws, including HIPAA, SOX, FISMA and GLBA. You may wonder what this compliance means and how these laws protect your information. Here's what you need to know:
HIPAA
The Health Insurance Portability and Accountability Act of 1996 established nationwide standards for protecting health information. Entities that have access to an individual's medical history (doctors, dentists, nursing homes, health insurance companies, hospitals and more) are required to follow guidelines to protect patient privacy.
The law requires that any entity possessing Protected Health Information (PHI) must "protect against reasonably anticipated threats to the security or integrity of the information," according to the U.S. Department of Health and Human Services.
If your company works with any data that could be considered PHI, you must, by law, take reasonable measures to prevent it from being disclosed to unauthorized persons. There is no official HIPAA certification for business cloud storage providers, but the way most of them encrypt data can help you meet your obligation to shield electronic documents containing PHI.
SOX
The Sarbanes-Oxley Act of 2002 was passed in an effort to prevent the kind of damage caused by financial scandals like Enron. It makes CEOs and CFOs more accountable for the content of financial statements and regulates which accounting records must be retained and for how long. Business cloud storage providers let you keep more of your accounting data using fewer resources, in most cases for as long as you like, which indirectly helps companies comply with Sarbanes-Oxley: you know your financial statements will always be a few clicks away if you are audited.
FISMA
The Federal Information Security Management Act sets standards for minimum security controls for information systems, among other things, and is meant to lead to more secure information systems for federal agencies and the contractors that support them. There is an actual certification for compliance with certain levels of FISMA, and although most business cloud storage services don't technically have it, they can help you reach higher security standards for information systems by encrypting information and storing it in geographically redundant and secure facilities.
GLBA
The Gramm-Leach-Bliley Act of 1999 made significant changes to the financial services world, and a few of its points could affect business cloud backup. GLBA contains rules that prohibit sharing certain kinds of customers' personal financial information with unaffiliated parties. A cloud storage company may be considered an unaffiliated party, so encrypting the information is important if you choose to store data with one. You must ensure that no one at the business cloud storage company has access to your clients' protected information. Business cloud storage companies that let you set your own encryption keys are best if you are concerned about GLBA compliance: that way no one outside your company, not even the cloud storage provider's personnel, can read clients' financial information. GLBA also instructs institutions to consider encrypting electronic information while it is in transit. Most, but not all, cloud storage solutions help you do that with your customer information.
In most cases, what cloud storage services mean when they claim to comply with these laws is that they will help you comply with them. If your company routinely handles customer information that might be regulated under any of this legislation, it is worth asking the right questions to make sure you are in compliance. In most cases, your cloud storage service will help you meet privacy and other standards.