Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    big data analytics in transporation
    Turning Data Into Decisions: How Analytics Improves Transportation Strategy
    3 Min Read
    sales and data analytics
    How Data Analytics Improves Lead Management and Sales Results
    9 Min Read
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Cloud Computing > How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Cloud ComputingPrivacySecurity

How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers

onlinetech
onlinetech
5 Min Read
SHARE

The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect HIPAA cloud providers?

The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect HIPAA cloud providers?

While cloud providers have generally been considered and treated as business associates in the industry, the modifications make it even clearer that data center operators are officially considered business associates and are also directly liable for being compliant with the HIPAA standards that apply to business associates. The federal document states:

A data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining 26 protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.  To help clarify this point, we have modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” (emphasis added) protected health information on behalf of a covered entity.

As I wrote about in Healthcare Organizations: Seeking a Cloud Provider? BAAs Required, healthcare organizations need to be cautious about signing with ‘HIPAA-ready’ or ‘HIPAA certified’ cloud hosting providers. Being ‘HIPAA compliant’ or ‘HIPAA audited’ means they have undergone an independent audit, preferably measured against the latest OCR HIPAA Audit Protocol that outlines each requirement and auditor testing criteria.

More Read

cloud computing cost savings
The Cloud: More Than Just Cost Savings
Cloud Managed Services Provider (MSP) Is it really about services or winning customer trust?
Cloud Based Communications Are Now a Must for All Businesses
The Future of Cloud Computing: Emerging Trends
Cloud Technology: the Cornerstone of a Small Business’s Online Presence

If you use a cloud service, it should be your business associate. If they refuse to sign a business associate agreement, don’t use the cloud service. – David S. Holtzman of the Health Information Privacy Division of OCR during a speech at the Health Care Compliance Association’s 16th Annual Compliance Institute.

Another point they make is that business associates must also adhere to the Breach Notification Rule – including the subcontractors of business associates. For an example of what a breach notification clause might look like in a business associate agreement (BAA), read our BAA Breach Notification Clause.

Covered entities and business associates should take note – the document also states that “these proposed changes would make covered entities and business associates liable under § 160.402(c) for the acts of their business associate agents, in accordance 61 with the Federal common law of agency, regardless of whether the covered entity has a compliant business associate agreement in place.”

While business associates and agents are directly liable under HIPAA, covered entities are also directly held responsible for any actions of their business associates and other contractors down the chain of command; making a great case for why it’s important to carefully choose your HIPAA cloud hosting provider. Healthcare Software as a Service (SaaS) companies, EHR providers and other supporting healthcare vendors need to ensure their cloud Infrastructure as a Service (IaaS) providers undergo annual HIPAA audits, train their staff in security, and have the policies and procedures in place that adhere to security guidelines.

HIPAA Compliant Hosting White PaperFor more on using the cloud and secure hosting for HIPAA compliant solutions, read our HIPAA Compliant Hosting white paper. Questions to ask your HIPAA hosting provider, data center standards cheat sheet and a diagram of the technical, physical and administrative security components of a HIPAA hosting solution (including HIPAA compliant clouds) are included.

Mobile Security White PaperOr read our Mobile Security white paper for how to secure electronic protected health information (ePHI) while using mobile devices in the workplace, ideal for any healthcare organization interested in implementing a secure BYOD (Bring Your Own Device) environment.

Still have questions? Contact us or chat now.

References:
HHS: Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules (PDF)

The post How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers appeared first on Managed Data Center News.

TAGGED:hipaa
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

big data analytics in transporation
Turning Data Into Decisions: How Analytics Improves Transportation Strategy
Analytics Big Data Exclusive
AI and fund manager software
AI And The Acceleration Of Information Flows From Fund Managers To Investors
Artificial Intelligence Exclusive
sales and data analytics
How Data Analytics Improves Lead Management and Sales Results
Analytics Big Data Exclusive
ai in marketing
How AI and Smart Platforms Improve Email Marketing
Artificial Intelligence Exclusive Marketing

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

data security breach
Uncategorized

HIPAA in a HITECH World: HIPAA Violations on the Rise

19 Min Read

Safeguarding Patient Data in EHRs

5 Min Read

What’s Next – Predictive Scores for Healthcare?

4 Min Read

How a HIPAA Breach Can Negatively Impact Your Business

4 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?