Reconciliation of the cloud computing model with US federal electronic health record regulations

J Am Med Inform Assoc. Mar-Apr 2012;19(2):161-5. doi: 10.1136/amiajnl-2011-000162. Epub 2011 Jul 4.


Cloud computing refers to subscription-based, fee-for-service utilization of computer hardware and software over the Internet. The model is gaining acceptance for business information technology (IT) applications because it allows capacity and functionality to increase on the fly without major investment in infrastructure, personnel or licensing fees. Large IT investments can be converted to a series of smaller operating expenses. Cloud architectures could potentially be superior to traditional electronic health record (EHR) designs in terms of economy, efficiency and utility. A central issue for EHR developers in the US is that these systems are constrained by federal regulatory legislation and oversight. These laws focus on security and privacy, which are well-recognized challenges for cloud computing systems in general. EHRs built with the cloud computing model can achieve acceptable privacy and security through business associate contracts with cloud providers that specify compliance requirements, performance metrics and liability sharing.

MeSH terms

  • Computer Security / legislation & jurisprudence*
  • Computer Simulation
  • Computers
  • Electronic Health Records / legislation & jurisprudence*
  • Electronic Health Records / organization & administration
  • Federal Government
  • Government Regulation*
  • Health Insurance Portability and Accountability Act
  • Hospital Information Systems / organization & administration
  • Information Storage and Retrieval
  • Internet*
  • Privacy / legislation & jurisprudence
  • Software
  • United States