Unpacking new HHS guidelines on healthcare data in the cloud

October 18, 2016 By David

Grazed from CIO. Author: Paddy Padmanabhan.

The new guidelines recognize the growing importance of cloud computing in healthcare and are the right step in bringing cloud service providers into the broader discussion on healthcare data security. But covered entities and BAs have to unpack the guidelines and address certain gaps. The cloud services market is growing exponentially, and research firm Gartner estimates the market for cloud services to be over $200 billion.

The healthcare sector has been getting on board as well, for enterprise IT workloads as well as cloud-based technology solutions. It’s no surprise that the U.S. Department of Health and Human Services (HHS) has released a set of guidelines for cloud service providers (CSP), clarifying their role as business associates (BA) in the context of HIPAA and healthcare data…

I’m going to try to unpack these guidelines and highlight the key aspects. First off, the guidelines acknowledge the growing role of public cloud providers, such as Amazon Web Services (AWS) and Microsoft Azure, that have been storing electronic protected health information (ePHI) for some years as part of their agreements with technology providers and enterprises. These CSPs are now apparently classified as BAs and are required to sign HIPAA business associate agreements (BAA), regardless of the nature of the arrangement and the level of access to ePHI stored in the cloud infrastructure…

Read more from the source @ http://www.cio.com/article/3131337/ehr/unpacking-new-hhs-guidelines-on-healthcare-data-in-the-cloud.html