Healthcare and Cloud Computing Together at Last
Wish granted. In January of 2013, the U.S. Department of Health and Human Services introduced a few revisions to the regulations administered under the Health Insurance Portability and Accountability Act of 1996. Labeled the “Final Omnibus Rule,” this update spelled out the legal framework to be used by healthcare organizations working with cloud service providers.
With a signed Business Associate (BA) agreement, a cloud service provider accepts the responsibility to protect patient data under HIPAA law. This expanded definition of BA means that the government can now penalize cloud service providers accountable for data breaches.
Although many healthcare organizations had already entrusted certain cloud service providers with their data, only the HIPAA covered entity (the healthcare organization) was penalized in the event of a breach prior to this ruling. While the HIPAA covered entity is still responsible for oversight, this shared accountability with the cloud service provider has expanded responsibility and has led to an influx of healthcare organizations and cloud service providers working together, worry-free, in perfect harmony.
CLICK HERE for a free network assessment.