Salesforce.com on Monday announced that it upgraded its Health Cloud to deliver HIPAA-compliant B2B commerce capabilities and order management to more effectively safeguard patient health information.

Along with the HIPAA and security measures, the upgrade also includes remote patient exception monitoring and more effective appointment and medication management.

The past 18 months have seen an explosion in the digital transformation of health care — from a massive explosion in telehealth to the largest year of health care focused venture capital investment ever, said Mike Murray, co-founder and CEO of Scope Security. Murray said this will lead to a lot of technology companies expanding their offerings to work with health care delivery organizations. We should also expect those companies take the time to understand how to protect patient and care data from disclosure and that they make the ecosystem more — rather than less — secure.

“With the drive for health systems to better use their data to enable better patient care, population health and ultimately support higher patient volumes, more and more products are evolving to use that data in new and innovative ways,” Murray said. “The key is that we see vendors continue to emphasize the controls needed for security and privacy of that data. And, while HIPAA has become an important driver, organizations that focus only on compliance will likely fall short — it's important that these new and innovative products drive more than just compliance with regulation, but actual data protection to ensure that these new use cases comply with the spirit of the law as well as the letter.”

HIPAA compliance in the technology space has always been complicated, and doubly so for SaaS systems, said Jake Williams, co-founder and CTO at BreachQuest. Williams said companies using systems without specific HIPAA protections find it is nearly impossible to maintain compliance.

“Of course, maintaining compliance is only one side of the coin,” Williams said. “The other, often more challenging, aspect is proving compliance to auditors, many of whom are struggling to understand the technologies themselves. That makes Salesforce’s offering all the more exciting. An organization with the resources of Salesforce can be trusted to structure its compliance correctly, limiting exposure to covered entities that use the service.”

Uploading personal health information to any cloud provider should give organizations great pause, added John Bambenek, threat intelligence adviser at Netenrich. “Ensuring your third-party providers are compliant — and not just saying they are compliant — is required, and any breach can face significant fines under HIPAA, even if their third-party providers are at-fault. The biggest impact is that Salesforce is now trying to capture market share of smaller companies already active in this space."