5 things to know about HIPAA and cloud computing

Protecting patients’ health information is critical to the future of data collection that informs population health. But how can physicians make sure they are in compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations when using cloud computing? The Department of Health and Human Services Office of Civil Rights (OCR) recently issued guidance on HIPAA and cloud computing that confirms cloud services providers (CSP) are business associates under HIPAA. If you are currently using a CSP or are planning to soon, the guidance offers detailed direction on the nature of cloud computing, business associate agreements (BAA) and how it all relates to HIPAA, including:

Physicians and health care professionals can use mobile devices to access ePHI in a cloud. Accessing information in a cloud is appropriate as long as physical, administrative and technical safeguards are in place to protect the confidentiality, integrity and availability of the ePHI on the device and the cloud. Read the OCR and Office of the National Coordinator for Health IT guidance on the use of mobile devices and tips for securing ePHI on those devices.

A HIPAA-covered entity or business associate can use a cloud service to store or process ePHI. The covered entity or business associate must first enter into a HIPAA-compliant BAA with the CSP that will be creating, receiving, maintaining or transmitting ePHI on its behalf. The BAA establishes how ePHI can be disclosed and used. OCR ...
Source: AMA Wire - Category: Journals (General) Authors: Source Type: news