The Dawn Of “Compliance As A Service”?

Posted on October 5, 2012 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

A few days ago, I posted a quick report on our sister site discussing Verizon’s plans to offer a HIPAA-compliant cloud service.

Verizon, which has beefed up on security services over the past few years, seems to see its role as being compliance vendor rather than just a mere business associate.  The carrier notes that not only does it offer super-secure data centers, it has trained staffers on HIPAA-specific data handling issues.

But Verizon obviously isn’t the only cloud vendor out there capable of offering HIPAA-compliant services. Could this be the dawn of CaaS (compliance as a service) for healthcare? (Others industries, like banking, are already well into this approach.)

According to reader Scott Gardner, who commented on the story, this concept has legs. “I’ve been pitching [Compliance As A Service] to cloud-based persistency vendors targeting mobility for some time,” writes Gardner, whose company Inyago focuses on private practice IT services via MacPractice. “Offering this service makes perfect sense, especially in private practice healthcare. And you get interoperability (core #14) right out of the box for all users on the platform.”

The burning question here, I suppose, is whether CIOs feel safe trusting outsiders with clinical data flow. Right now the answer seems to be “no.” As my colleague John noted in a related blog post, at present even those providers who are cloud users are more prone to access it for “commodity” services such as e-mail, file storage, videoconferencing and online learning, according to a CDW survey.

With providers needing interoperability under Meaningful Use Stage 2, the landscape may change, however. Whether or not they’re terribly comfortable with Verizon and its rivals, CIOs might find it easier to delegate compliance than cope with the difficulties of build-your-own-interoperability schemes. So perhaps CaaS really does have a chance at achieving rapid uptake — unless someone invents the insta-install HIE!