OCR Issues Guidance on HIPAA and Cloud Computing

October 18, 2016, by David

Grazed from JDSupra. Author: Editorial Staff.

On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The Guidance includes “frequently asked” questions and answers for covered entities and business associates who use cloud products and services.

The Guidance focuses on cloud computing services provided by third-party cloud services providers (“CSPs”). The Guidance notes that “CSPs generally offer online access to shared computing resources with varying levels of functionality depending on users’ requirements.” …

The Guidance makes clear that when a covered entity engages a CSP to create, receive, maintain or transmit electronic protected health information (“ePHI”) on its behalf, the CSP is a business associate of the covered entity. In addition, the Guidance states that when a business associate subcontracts with a CSP to create, receive, maintain or transmit ePHI, the CSP subcontractor is a business associate…

Read more from the source @ http://www.jdsupra.com/legalnews/ocr-issues-guidance-on-hipaa-and-cloud-77791/