Cloud Computing Meets HIPAA Omnibus: A Provider Checklist

Grazed from AdvanceWeb. Author: Sharlene George.

Cloud computing and storage is an undeniable migration path and IT strategy. Overall spending on cloud technology is expected to reach an estimated $150 billion annually by 2014, according to a recent Gartner Group study. And within healthcare, 35 percent of health IT professionals surveyed said their organization was implementing or maintaining cloud computing in 2012, up from 30 percent in 2011, according to a new survey by Vernon Hills, Ill., technology vendor CDW.

However, not every software application in healthcare is a candidate for moving to the cloud. And many old myths about cloud computing and cloud storage continue to confuse both covered entities (CEs) and business associates (BAs). The HIPAA omnibus rule, released in January 2013, basically incorporates the HITECH Act security provisions into HIPAA, confirming the security and privacy requirements in the utilization of technology in healthcare. Below are five key changes under the HIPAA Omnibus Rule:…

• BAs of CEs are now directly liable for compliance of certain privacy and security rules.
• The rule strengthens the limitations on the use and disclosure of PHI for marketing and fundraising, and it prohibits the sale of PHI without individual authorization.
• It adopts the increased and tiered civil monetary penalty structured by the HITECH Act.
• It mandates breach notification for unsecured PHI under the HITECH Act.
• It modifies the HIPAA privacy rule as required by the GINA (Genetic Information Nondiscrimination Act), prohibiting health plans from using or disclosing genetic information…

Read more from the source @ http://community.advanceweb.com/blogs/hi_1/archive/2013/03/15/cloud-computing-meets-hipaa-omnibus-a-provider-checklist.aspx