{"id":1399,"date":"2016-10-26T09:28:06","date_gmt":"2016-10-26T13:28:06","guid":{"rendered":"https:\/\/solutionsreview.com\/cloud-platforms\/?p=1399"},"modified":"2016-10-26T09:28:06","modified_gmt":"2016-10-26T13:28:06","slug":"hippa-and-cloud-computing-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/","title":{"rendered":"HIPAA and Cloud Computing: Your Compliance Questions, Answered"},"content":{"rendered":"<div class=\"field field-name-full-title-as-h1 field-type-ds field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\">\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1406\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png\" alt=\"HIPAA and Cloud Computing: Your Businesses Compliance Questions, Answered.\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png 800w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered-300x131.png 300w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered-768x336.png 768w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered-600x263.png 600w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered-180x79.png 180w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered-400x175.png 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"field field-name-body field-type-text-with-summary field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\">\n<div class=\"syndicate\">\n<p style=\"text-align: justify\"><span style=\"color: #000000\">These days, for healthcare providers and those trusted with a patient&#8217;s personal information, it&#8217;s all about keeping up with compliance. Recently released were updated guidelines on what it takes for Cloud Service Providers (CSPs) to make the HIPAA compliance cut, and what healthcare agencies\u00a0should be critical of when leveraging offerings from CSPs.\u00a0Numerous laws and regulations pertain to the storage and use of data, including that of cloud computing. In the US, these include privacy or data protection laws, including\u00a0the <a title=\"Health Insurance Portability and Accountability Act\" href=\"https:\/\/www.hhs.gov\/hipaa\/\" target=\"_blank\">Health Insurance Portability and Accountability Act<\/a> (HIPAA).<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"color: #000000\">&#8220;With the proliferation and widespread adoption of cloud computing solutions, HIPAA covered entities and business associates are questioning whether and how they can take advantage of cloud computing while complying with regulations protecting the privacy and security of electronic protected health information (ePHI).&#8221;<\/span><\/p>\n<p style=\"text-align: justify\">The US Department of Health and Services <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/cloud-computing\/index.html\" target=\"_blank\">details several\u00a0key questions<\/a> and answers to assist HIPAA regulated CSPs and their customers in understanding their responsibilities under the HIPAA Rules when they create, receive, maintain or transmit ePHI using cloud products and services. Here are 5 of the top considerations from the Department of Health and Services to keep in mind before you head to market.<\/p>\n<hr \/>\n<h4 style=\"text-align: justify\">May a HIPAA covered entity or business associate use a cloud service to store or process ePHI?<\/h4>\n<p style=\"text-align: justify\">Yes, provided the covered entity or business associate enters into a HIPAA-compliant business associate contract or agreement (BAA) with the CSP that will be creating, receiving, maintaining, or transmitting electronic protected health information (ePHI) on its behalf, and otherwise complies with the HIPAA Rules.<\/p>\n<p style=\"text-align: justify\">A covered entity (or business associate) that engages a CSP should understand the cloud computing environment or solution offered by a particular CSP so that the covered entity (or business associate) can appropriately conduct its own risk analysis and establish risk management policies.<\/p>\n<h4 style=\"text-align: justify\">Use a Service Level Agreement (SLA) to address more specific business expectations<\/h4>\n<p style=\"text-align: justify\">SLAs can include provisions that address such HIPAA concerns as,\u00a0System availability and reliability, back-up and data recovery (e.g., as necessary to be able to respond to a ransomware attack or other emergency situation), manner in which data will be returned to the customer after service use termination, security responsibility; and use, retention and disclosure limitations.<\/p>\n<h4 style=\"text-align: justify\">Security Considerations<\/h4>\n<p style=\"text-align: justify\">All CSPs that are business associates must comply with the applicable standards and implementation specifications of the Security Rule with respect to ePHI. \u00a0However, in cases where a CSP is providing only no-view services to a covered entity (or business associate) customer, certain Security Rule requirements that apply to the ePHI maintained by the CSP may be satisfied for both parties through the actions of one of the parties. \u00a0In particular, where only the customer controls who is able to view the ePHI maintained by the CSP, certain access controls, such as authentication or unique user identification, may be the responsibility of the customer, while others, such as encryption, may be the responsibility of the CSP business associate.<\/p>\n<p style=\"text-align: justify\">However, as a business associate, the CSP is still responsible under the Security Rule for implementing other reasonable and appropriate controls to limit access to information systems that maintain customer ePHI.<\/p>\n<h4 style=\"text-align: justify\">Privacy Considerations<\/h4>\n<p style=\"text-align: justify\">A business associate may only use and disclose PHI as permitted by its BAA and the Privacy Rule, or as otherwise required by law.\u00a0 While a CSP that provides only no-view services to a covered entity or business associate customer may not control who views the ePHI, the CSP still must ensure that it itself only uses and discloses the encrypted information as permitted by its BAA and the Privacy Rule, or as otherwise required by law.<\/p>\n<h4 style=\"text-align: justify\">Breach Notification Rule Considerations<\/h4>\n<p style=\"text-align: justify\">A business associate is responsible for notifying the covered entity (or the business associate with which it has contracted) of breaches of unsecured PHI.\u00a0<em>Unsecured PHI<\/em> is PHI that has not been destroyed or is not encrypted at the levels specified in HHS\u2019 <em><a id=\"anch_102\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/breach-notification\/guidance\/index.html\">Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals<\/a>.<\/em>\u00a0However, if the ePHI is encrypted, but not at a level that meets the HIPAA standards or the decryption key was also breached, then the incident must be reported to its customer as a breach, unless one of the exceptions to the definition of \u201cbreach\u201d applies.<\/p>\n<h4 style=\"text-align: justify\"><a id=\"_ftnref22\" title=\"\" href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/special-topics\/cloud-computing\/index.html#_ftn22\" name=\"_ftnref22\"><\/a><\/h4>\n<p style=\"text-align: justify\">Lastly, although the HIPAA Requirements do not enforce the following, it&#8217;s a good idea to do business with a cloud service provider that adheres to the following practices and policies.<\/p>\n<p style=\"text-align: justify\"><strong>Is the client infrastructure auditable?<\/strong><\/p>\n<p style=\"text-align: justify\">One of the most critical requirements for a HIPAA compliant hosting provider is the ability to facilitate an auditor\u2019s risk assessment of the environment that houses ePHI.<\/p>\n<p style=\"text-align: justify\"><strong>Do they provide FIPS 140-2 Encryption for data in transit?<\/strong><\/p>\n<p style=\"text-align: justify\">Oddly enough, the HIPAA rules state that the use of encryption is not\u00a0mandatory. To protect your data, make sure ePHI is encrypted in any possible location.<\/p>\n<p style=\"text-align: justify\">\n<p style=\"text-align: justify\"><strong>Which CSP&#8217;s offer HIPAA compliance?<\/strong><\/p>\n<h5 style=\"text-align: justify\">Download\u00a0our Free\u00a0<a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/free-cloud-platform-solutions-paas-iaas-buyers-guide\/\" target=\"_blank\">Cloud Computing Platform Buyer&#8217;s Guide<\/a> for a closer look at product key features and capabilities.<\/h5>\n<br \/>Widget not in any sidebars<br \/>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>These days, for healthcare providers and those trusted with a patient&#8217;s personal information, it&#8217;s all about keeping up with compliance. Recently released were updated guidelines on what it takes for Cloud Service Providers (CSPs) to make the HIPAA compliance cut, and what healthcare agencies\u00a0should be critical of when leveraging offerings from CSPs.\u00a0Numerous laws and regulations [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":1406,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[479,477,478],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HIPAA and Cloud Computing: Your Compliance Questions, Answered - Cloud Platforms &amp; Infrastructure Services | Solutions Review<\/title>\n<meta name=\"description\" content=\"Here are 5 of the top considerations\u00a0to keep in mind before you head to market.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/\",\"name\":\"HIPAA and Cloud Computing: Your Compliance Questions, Answered - Cloud Platforms &amp; Infrastructure Services | Solutions Review\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png\",\"datePublished\":\"2016-10-26T13:28:06+00:00\",\"dateModified\":\"2016-10-26T13:28:06+00:00\",\"author\":{\"@id\":\"\"},\"description\":\"Here are 5 of the top considerations\u00a0to keep in mind before you head to market.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png\",\"width\":800,\"height\":350,\"caption\":\"HIPAA and Cloud Computing: Your Businesses Compliance Questions, Answered.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA and Cloud Computing: Your Compliance Questions, Answered\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\",\"name\":\"Cloud Platforms &amp; Infrastructure Services | Solutions Review\",\"description\":\"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/author\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HIPAA and Cloud Computing: Your Compliance Questions, Answered - Cloud Platforms &amp; Infrastructure Services | Solutions Review","description":"Here are 5 of the top considerations\u00a0to keep in mind before you head to market.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/","twitter_misc":{"Written by":"","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/","url":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/","name":"HIPAA and Cloud Computing: Your Compliance Questions, Answered - Cloud Platforms &amp; Infrastructure Services | Solutions Review","isPartOf":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png","datePublished":"2016-10-26T13:28:06+00:00","dateModified":"2016-10-26T13:28:06+00:00","author":{"@id":""},"description":"Here are 5 of the top considerations\u00a0to keep in mind before you head to market.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#primaryimage","url":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png","contentUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2016\/10\/HIPPA-and-Cloud-Computing-Your-Businesses-Compliance-Questions-Answered.png","width":800,"height":350,"caption":"HIPAA and Cloud Computing: Your Businesses Compliance Questions, Answered."},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/hippa-and-cloud-computing-what-you-need-to-know\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/cloud-platforms\/"},{"@type":"ListItem","position":2,"name":"HIPAA and Cloud Computing: Your Compliance Questions, Answered"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website","url":"https:\/\/solutionsreview.com\/cloud-platforms\/","name":"Cloud Platforms &amp; Infrastructure Services | Solutions Review","description":"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"","url":"https:\/\/solutionsreview.com\/cloud-platforms\/author\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/1399"}],"collection":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/comments?post=1399"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/1399\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media\/1406"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media?parent=1399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/categories?post=1399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/tags?post=1399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}