hipaa logo cloud Cloud Provider Need to Comply With New HIPAA Privacy, Security, Enforcement and Breach RulesThe last changes to the HIPAA Privacy, Security, Enforcement and Breach Rules had recently been released. Such rules were first implemented the summer of 2012. It also contains how cloud computing providers are to be treated by the healthcare industry. According to the HIPAA standard, the cloud vendors are business associates and as business associates they are expected to be the first ones to comply with the final modifications to the HIPAA rules.

According to the 563-word document, any cloud computing provider which has access to qualified health information is a business associate. Therefore, the document also defined a business associate as somebody who “creates, receives, maintains, or transmits” any private health information. A cloud computing firm which aims to be a business associate of a healthcare organization must commit to a business associate agreement.

The cloud provider must also comply with the Breach Notification Rule. Both the cloud computing firm and the healthcare company are both liable for any violations against the HIPAA rules. The covered healthcare company is also directly responsible for every action of its cloud computing provider. Therefore, a healthcare organization must exercise due care in choosing its cloud provider. The cloud computing service provider must also agree to yearly HIPAA audits and that its staff must be trained on cloud data security. Policies and procedures of the cloud provider must also be in accordance with the HIPAA security guidelines.

According to Chief Privacy Officer Joy Pritts of the Office of the National Coordinator for Health IT, it is very clear that health information will soon be moved to the clouds, especially for the health data of smaller healthcare firms which move their health records to the clouds to cut costs. With the new HIPAA rules, all cloud computing providers must ensure that patient data is protected. Patient data encryption is a must under the modified HIPAA standard.

  • FrankM

    I think you should read the new rules a bit more closely. As a service provider who handles CE’s, unless the provider, who is actually a conduit of the electronic data transmission and is not required to have routine access to PHI, is not considered a business associate (BA). The key point here is, “routine access”.

    The final rule adopts the language that expressly designates as business associates: (1) A Health Information Organization, E-prescribing Gateway, or other person that provides data
    transmission services with respect to protected health information to a covered entity and that requires routine access to such protected health information; and (2) a person who offers a personal health record to one or more individuals on behalf of a covered

Hottest IT Skills in 2013 – Cloud, Mobile and BI
In 2012, more than 1.7 million jobs in the field of cloud computing remained unoccupied, according to analysts firm IDC. READ MORE
How Cloud Computing Influences Digital Marketing
Cloud marketing has the ability to drastically change the ways in which they reach and engage their audience, particularly with regard to distributing and storing mission-critical data. READ MORE
Gartner: BYOD to Take Center Stage For Mobile App Use by 2017
More and more companies encourage their employees to work on their devices, thus reducing the cost of computer equipment, but also increase the cost to maintain licenses and safety. READ MORE
Maturity in the Cloud: Start Thinking Like a Grown-Up
Despite the inclination to wait until all of the cloud’s kinks have been worked out, holding off on cloud initiatives until the industry matures won’t guarantee success. READ MORE
PwC: Cloud, SaaS and Mobile Are Changing Software Industry
The software industry is undergoing major changes by trends such as cloud, SaaS, mobile technology and the “consumerization of IT”. READ MORE
10 Cloud Computing Game Changers
Here are the ten most influential cloud computing companies, and the reason why. READ MORE