By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    AI analytics
    AI-Based Analytics Are Changing the Future of Credit Cards
    6 Min Read
    data overload showing data analytics
    How Does Next-Gen SIEM Prevent Data Overload For Security Analysts?
    8 Min Read
    hire a marketing agency with a background in data analytics
    5 Reasons to Hire a Marketing Agency that Knows Data Analytics
    7 Min Read
    predictive analytics for amazon pricing
    Using Predictive Analytics to Get the Best Deals on Amazon
    8 Min Read
    data science anayst
    Growing Demand for Data Science & Data Analyst Roles
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Share
Notification Show More
Aa
SmartData CollectiveSmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Cloud Computing > How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
Cloud ComputingPrivacySecurity

How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers

onlinetech
Last updated: 2013/01/19 at 7:57 PM
onlinetech
5 Min Read
SHARE

The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect HIPAA cloud providers?

The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect HIPAA cloud providers?

While cloud providers have generally been considered and treated as business associates in the industry, the modifications make it even clearer that data center operators are officially considered business associates and are also directly liable for being compliant with the HIPAA standards that apply to business associates. The federal document states:

A data storage company that has access to protected health information (whether digital or hard copy) qualifies as a business associate, even if the entity does not view the information or only does so on a random or infrequent basis. Thus, document storage companies maintaining 26 protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.  To help clarify this point, we have modified the definition of “business associate” to generally provide that a business associate includes a person who “creates, receives, maintains, or transmits” (emphasis added) protected health information on behalf of a covered entity.

More Read

HIPAA compliant fax

Data Security Considerations Pertaining to HIPAA Fax

Data Analytics Solutions To HIPAA Compliance During Quarantine
HIPAA Violations Cost Health Insurer $1.7 Million: Lessons Learned
HIPAA Breach Lessons Learned
HIPAA in a HITECH World: HIPAA Violations on the Rise

As I wrote about in Healthcare Organizations: Seeking a Cloud Provider? BAAs Required, healthcare organizations need to be cautious about signing with ‘HIPAA-ready’ or ‘HIPAA certified’ cloud hosting providers. Being ‘HIPAA compliant’ or ‘HIPAA audited’ means they have undergone an independent audit, preferably measured against the latest OCR HIPAA Audit Protocol that outlines each requirement and auditor testing criteria.

If you use a cloud service, it should be your business associate. If they refuse to sign a business associate agreement, don’t use the cloud service. – David S. Holtzman of the Health Information Privacy Division of OCR during a speech at the Health Care Compliance Association’s 16th Annual Compliance Institute.

Another point they make is that business associates must also adhere to the Breach Notification Rule – including the subcontractors of business associates. For an example of what a breach notification clause might look like in a business associate agreement (BAA), read our BAA Breach Notification Clause.

Covered entities and business associates should take note – the document also states that “these proposed changes would make covered entities and business associates liable under § 160.402(c) for the acts of their business associate agents, in accordance 61 with the Federal common law of agency, regardless of whether the covered entity has a compliant business associate agreement in place.”

While business associates and agents are directly liable under HIPAA, covered entities are also directly held responsible for any actions of their business associates and other contractors down the chain of command; making a great case for why it’s important to carefully choose your HIPAA cloud hosting provider. Healthcare Software as a Service (SaaS) companies, EHR providers and other supporting healthcare vendors need to ensure their cloud Infrastructure as a Service (IaaS) providers undergo annual HIPAA audits, train their staff in security, and have the policies and procedures in place that adhere to security guidelines.

HIPAA Compliant Hosting White PaperFor more on using the cloud and secure hosting for HIPAA compliant solutions, read our HIPAA Compliant Hosting white paper. Questions to ask your HIPAA hosting provider, data center standards cheat sheet and a diagram of the technical, physical and administrative security components of a HIPAA hosting solution (including HIPAA compliant clouds) are included.

Mobile Security White PaperOr read our Mobile Security white paper for how to secure electronic protected health information (ePHI) while using mobile devices in the workplace, ideal for any healthcare organization interested in implementing a secure BYOD (Bring Your Own Device) environment.

Still have questions? Contact us or chat now.

References:
HHS: Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules (PDF)

The post How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers appeared first on Managed Data Center News.

TAGGED: hipaa
onlinetech January 19, 2013
Share This Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

Data Ethics: Safeguarding Privacy and Ensuring Responsible Data Practices
Data Ethics: Safeguarding Privacy and Ensuring Responsible Data Practices
Best Practices Big Data Data Collection Data Management Privacy
data protection for SMEs
8 Crucial Tips to Help SMEs Guard Against Data Breaches
Data Management
How AI is Boosting the Customer Support Game
How AI is Boosting the Customer Support Game
Artificial Intelligence
AI analytics
AI-Based Analytics Are Changing the Future of Credit Cards
Analytics Artificial Intelligence Exclusive

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

HIPAA compliant fax
Big Data

Data Security Considerations Pertaining to HIPAA Fax

5 Min Read
data privacy and HIPAA
Security

Data Analytics Solutions To HIPAA Compliance During Quarantine

6 Min Read

HIPAA Violations Cost Health Insurer $1.7 Million: Lessons Learned

4 Min Read
HIPPA compliance
Best PracticesBig DataData ManagementInside CompaniesITLocationPolicy and GovernancePrivacySecurity

HIPAA Breach Lessons Learned

5 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?