The Health Insurance Portability and Accountability Act of 1996, better known as HIPAA, was established to create standards and regulations related to the confidentiality, security and transmissibility of personal health information. As new technologies continue to emerge, it is important to understand the regulation updates to ensure your practice remains HIPAA compliant.
Cloud computing is one of the technologies that have had a tremendous impact on the way data can be most efficiently and effectively shared. And although HIPAA doesn’t prevent practices from utilizing cloud-based software and applications, the Department of Health and Human Services (HHS) released some new guidance on HIPAA compliance and cloud computing in 2016.
Here are 3 things your practice should know to best understand how you can use “the cloud” while remaining HIPAA compliant.
- Doctors, nurses and other healthcare professionals are NOT prohibited from using mobile devices to access electronic protected health information (ePHI) as long as physical, administrative and technical safeguards are in place to protect the confidentiality, integrity and availability of the personal data both on the specific device and in the cloud-based application.
- HIPAA-covered entities may use cloud computing services to store or process ePHI, but only after entering into a business associate agreement (BAA) with the cloud service provider (CSP) that will be maintaining or transmitting ePHI on its behalf.
- If your CSP experiences a security-related incident, it must report the incident to your practice immediately so that you may inform any impacted parties as stipulated in the Privacy, Security and Breach Notification Rules.
At ATB we employ a CISSP-certified consultant who is specifically trained to perform security assessments and develop individualized strategic plans to ensure your medical-based business is aligned with HIPAA privacy rules while maximizing the benefits of available cloud-based technologies. Don’t wait until you experience an issue with your CSP to find out you aren’t HIPAA compliant – contact us today and take a proactive approach to HIPAA compliance and cloud computing.