Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Cloud Computing > How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Cloud ComputingPrivacySecurity

How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers

onlinetech
onlinetech
5 Min Read
SHARE

The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect HIPAA cloud providers?

The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect HIPAA cloud providers?

While cloud providers have generally been considered and treated as business associates in the industry, the modifications make it even clearer that data center operators are officially considered business associates and are also directly liable for being compliant with the HIPAA standards that apply to business associates. The federal document states:

A data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining 26 protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.  To help clarify this point, we have modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” (emphasis added) protected health information on behalf of a covered entity.

As I wrote about in Healthcare Organizations: Seeking a Cloud Provider? BAAs Required, healthcare organizations need to be cautious about signing with ‘HIPAA-ready’ or ‘HIPAA certified’ cloud hosting providers. Being ‘HIPAA compliant’ or ‘HIPAA audited’ means they have undergone an independent audit, preferably measured against the latest OCR HIPAA Audit Protocol that outlines each requirement and auditor testing criteria.

More Read

Image
A Cautionary Tale: Are You Clicking Your Privacy (or the Privacy of Others) Away?
When Crisis Hits, Technology is Dumped, and Lizard Brains Take Over
7 Essential Data Privacy Tips for New VPN Users
How to Protect Your Small Business from Cyberattacks with Data Analytics
Cloudy with a Chance of Wrecking Your Business Model

If you use a cloud service, it should be your business associate. If they refuse to sign a business associate agreement, don’t use the cloud service. – David S. Holtzman of the Health Information Privacy Division of OCR during a speech at the Health Care Compliance Association’s 16th Annual Compliance Institute.

Another point they make is that business associates must also adhere to the Breach Notification Rule – including the subcontractors of business associates. For an example of what a breach notification clause might look like in a business associate agreement (BAA), read our BAA Breach Notification Clause.

Covered entities and business associates should take note – the document also states that “these proposed changes would make covered entities and business associates liable under § 160.402(c) for the acts of their business associate agents, in accordance 61 with the Federal common law of agency, regardless of whether the covered entity has a compliant business associate agreement in place.”

While business associates and agents are directly liable under HIPAA, covered entities are also directly held responsible for any actions of their business associates and other contractors down the chain of command; making a great case for why it’s important to carefully choose your HIPAA cloud hosting provider. Healthcare Software as a Service (SaaS) companies, EHR providers and other supporting healthcare vendors need to ensure their cloud Infrastructure as a Service (IaaS) providers undergo annual HIPAA audits, train their staff in security, and have the policies and procedures in place that adhere to security guidelines.

HIPAA Compliant Hosting White PaperFor more on using the cloud and secure hosting for HIPAA compliant solutions, read our HIPAA Compliant Hosting white paper. Questions to ask your HIPAA hosting provider, data center standards cheat sheet and a diagram of the technical, physical and administrative security components of a HIPAA hosting solution (including HIPAA compliant clouds) are included.

Mobile Security White PaperOr read our Mobile Security white paper for how to secure electronic protected health information (ePHI) while using mobile devices in the workplace, ideal for any healthcare organization interested in implementing a secure BYOD (Bring Your Own Device) environment.

Still have questions? Contact us or chat now.

References:
HHS: Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules (PDF)

The post How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers appeared first on Managed Data Center News.

TAGGED:hipaa
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

AI supply chain
AI Tools Are Strengthening Global Supply Chains
Artificial Intelligence Exclusive
data analytics and truck accident claims
How Data Analytics Reduces Truck Accidents and Speeds Up Claims
Analytics Big Data Exclusive
predictive analytics for interior designers
Interior Designers Boost Profits with Predictive Analytics
Analytics Exclusive Predictive Analytics
big data and cybercrime
Stopping Lateral Movement in a Data-Heavy, Edge-First World
Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

data security breach
Uncategorized

HIPAA in a HITECH World: HIPAA Violations on the Rise

19 Min Read
HIPPA compliance
Best PracticesBig DataData ManagementInside CompaniesITLocationPolicy and GovernancePrivacySecurity

HIPAA Breach Lessons Learned

5 Min Read

What’s Next – Predictive Scores for Healthcare?

4 Min Read
HIPAA compliant fax
Big Data

Data Security Considerations Pertaining to HIPAA Fax

5 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai chatbot
The Art of Conversation: Enhancing Chatbots with Advanced AI Prompts
Chatbots
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?