Florida Bans Offshore EHR Storage: Implications for the Healthcare Industry

Florida Bans Offshore EHR Storage: Implications for the Healthcare Industry

In a recent development, the state of Florida has enacted legislation banning the offshore storage of electronic health records (EHR). Beginning July 1, 2023, an amendment to the Florida Electronic Health Records Exchange Act prohibits healthcare providers from storing patient records and data outside of the U.S., U.S. territories, or Canada. Additionally, providers cannot utilize third-party facilities or cloud storage services that operate outside of the U.S., U.S. territories, or Canada to store patient information (The National Law Review, 2023).

As Health Information Management (HIM) experts, we must examine the implications of this new policy and its potential impact on healthcare providers and management.

Florida has taken a proactive stance to safeguard patient data and protect sensitive health information. This move is in response to growing concerns surrounding data security and privacy breaches that have plagued the healthcare industry in recent years. The legislation thereby mandates the localization of health data storage.

Implications for Healthcare Providers

This offshore health record storage ban carries significant implications for hospitals and other healthcare organizations operating in Florida. To comply with the new regulation, healthcare providers will need to audit their data storage practices and evaluate their existing partnerships with offshore vendors. The decision to store health records within the country is expected to enhance data security, protect patient privacy, and provide greater control over the storage and management of health information.

Healthcare providers expected to comply with the amendment include “hospitals, ambulatory surgery centers, pharmacies, home health agencies, hospices, laboratories, mental health treatment facilities, substance abuse services, and licensed healthcare providers such as physicians, nurses, dentists, therapists, podiatrists, and massage therapists” (The HIPAA Journal, 2023).

EHR storage
Certified EHR adoption has seen a steady increase since 2008. It is worth noting that as of 2021, a significant majority of office-based physicians (78%) and almost all non-federal acute care hospitals (96%) have implemented a certified EHR. Source: https://www.healthit.gov/data/quickstats/national-trends-hospital-and-physician-adoption-electronic-health-records.

Data security breaches have become increasingly prevalent in recent years, with cyberattacks and ransomware incidents targeting healthcare organizations and their valuable data. By mandating the localization of health record storage, Florida aims to mitigate the risk associated with offshore storage, as well as the potential vulnerabilities introduced through international data transfers. This move aligns with industry best practices and ensures that healthcare providers can exercise greater control over the security measures implemented to protect patient data.

EHR storage

In addition to data security concerns, the ban on offshore health record storage brings compliance and regulatory considerations to the forefront. Healthcare organizations must ensure that their data storage practices align with federal and state regulations, including the Health Insurance Portability and Accountability Act (HIPAA). Failure to comply with these regulations can result in severe penalties, including substantial fines and reputational damage. By mandating the localization of health record storage, Florida reinforces its commitment to safeguarding patient information and clarifies the compliance landscape for healthcare providers in the state.

The ban is just one recently introduced law centered on protecting the security of the health sector. In 2022, the Healthcare Cybersecurity Act was introduced in the U.S. Senate to improve the health industry’s cybersecurity infrastructure and reduce the number of ransomware attacks. Additionally, loopholes have been pointed out in HIPAA’s protections regarding data sharing on health apps, websites, and other technologies.

What Now?

With the prohibition on offshore storage, healthcare providers in Florida will need to identify and partner with domestic vendors for their health record storage needs. This transition may involve evaluating the capabilities and offerings of various vendors, assessing their data security protocols, and ensuring that the selected vendors comply with regulatory requirements. Additionally, healthcare organizations will need to plan for a smooth transition process, which may include migrating existing offshore data to domestic servers and ensuring data integrity throughout the transfer.

In summary, providers will need to re-evaluate the vendors they previously used for coding or auditing support. YES HIM Consulting and our team of experts are here to help. Our entire company operates in the U.S., and we’re poised to help Florida providers navigate the new EHR regulations. Whether providers need a new coding partner or consulting help, YES is the right vendor for the project. Connect with our team today.

YES HIM Consulting

EHR storage

Subscribe to our Newsletter


  • By clicking Submit, you agree to YES HIM Consulting's Privacy Policy and Terms of Use.