13 Oct The latest on HIPAA and cloud computing
Have you heard? The U.S. Department of Health and Human Services (HHS) has released a round of guidance governing HIPAA. This time they are weighing in on HIPAA in the age of cloud computing.
HHS has set out to guide how HIPAA covered entities manage the security and privacy of electronic protected health information when such information is being managed by a cloud service provider (CSP).
In short, HHS is requiring that CSPs sign a business associate agreement with the provider they are doing business with. In some cases, however, certain aspects of the regulations can be waived. In some cases providers won’t need to verify who is accessing the data.
In many cases, new regulations are met with skepticism and concern by industry insiders. Though they may be written with good intentions, due they come with hidden burdens and costs? In this situation, however, most major players aren’t in objection.
The fact is, if you are a CSP with sound security and compliance checks in place, it shouldn’t be hard to meet HHS requirements.
The new regulations cover everything from storing sensitive electronic health information to decryption keys and how to handle security incidents. Are you a health care provider or other market player who may be affected? For more information click or tap here.