Health IT and Electronic Health Activate your FREE membership today |  Log-in

Community Blog

Mar 14 2013   10:05AM GMT

Case study: HIPAA compliant cloud powers healthcare incentives bundled payment program

Posted by: Jenny Laurello
Cloud, Data breach, ePHI, Health care payments, HIPAA, HIPAA compliance

  Guest post by April Sage, Director of Healthcare Vertical, Online Tech

The Colorado Business Group on Health (CBGH), a small nonprofit coalition representing major purchasers of healthcare services, is leading the way when it comes to transforming healthcare payment models. CBGH’s mission is to advance the purchaser role to accelerate cost-effective, high quality healthcare. One way of doing so is to develop a program that supports the transition in the country’s healthcare payment design.

The healthcare model is being transformed to better reflect actual patient health outcomes, instead of rewarding physicians for the amount of services provided (ordering an x-ray, exam, diagnosis, etc.), in order to measure the effectiveness of services rendered. Now, physicians are rewarded based on whether or not a patient’s health is improving.

CBGH has developed a new healthcare payment model, the Healthcare Incentives Payment Pilot, to reflect this shift. The program rewards healthcare physicians that effectively deliver better patient outcomes, based off of the Prometheus Payment model.

The program analyzes big data in order to match businesses with physicians and healthcare providers that have achieved the best patient outcomes. As a result, businesses can effectively lower their employee group insurance costs by choosing physicians that show the greatest success rate in treating patients with certain pre-existing conditions. Physicians then receive incentives from the businesses, motivating them to continue delivering quality care.

CBGH needed to protect the electronic protected health information (ePHI) collected in order to run the program analytics. The industry standard for safeguarding health data, HIPAA, has a set of technical, physical and administrative security requirements that healthcare organizations must meet. These requirements reduce the risk of a data breach and loss of sensitive patient health information.

CBGH turned to Online Tech’s HIPAA compliant managed cloud servers housed in their high availability tier III data centers. Cloud computing offers the group flexibility to meet demand without wasting resources. The outsourced cloud solution also leverages support and ongoing facility maintenance to ensure their data environment can meet HIPAA compliance standards.

Cloud service providers for organizations that collect, store or transmit ePHI must also meet HIPAA compliance standards and be able to provide documentation of their independent audit report. The final omnibus rule, released earlier this year, modified HIPAA to require business associates (service providers) to be able to pass a federal audit of their services, facilities and staff.

It was beneficial for CBGH to partner with Online Tech to leverage their risk assessment documentation and HIPAA expertise to help them achieve compliance. Outsourcing their HIPAA hosting solution proved to be more economical than maintaining their own IT infrastructure that could withstand the scrutiny of federal auditors. CBGH is able to deploy innovative healthcare payment programs while trusting in the high availability and compliance of their technical solution with the support of HIPAA compliant cloud hosting.

About Online Tech

Online Tech leads in secure, compliant hosting services including cloud hosting, managed dedicated servers, Michigan colocation and disaster recovery. For more information, call (877)740-5028, email: or visit

Comment on this Post

Leave a comment:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: