08-06-13 | Blog Post
The deadline draws near – September 23, 2013 marks the date of when both business associates (now including cloud service providers) and covered entities must meet the HIPAA Omnibus rule, released in January to update the 15-year-old law.
A refresh is needed particularly to meet advancing technology and the push to electronic health record systems (EHRs) to streamline patient care and increase the healthcare industry’s efficiency in hopes to reduce healthcare costs.
The cloud is a big player in this game, allowing for high-capacity storage and processing of healthcare applications and data being produced en masse. With the cloud infrastructure as a service (IaaS), healthcare software as a service (SaaS) companies can take advantage of cloud scalability while protecting sensitive patient data – if designed with high availability and security at top of mind.
The Dept. of Health and Human Services recognizes the healthcare industry will use the cloud – but by placing cloud service providers under the scope of compliance, they are making it clear that the cloud needs to meet the same security standards to reduce the risk of a data breach.
Choosing a HIPAA compliant cloud provider isn’t simple in these times, and as a healthcare organization or SaaS company, you need to know the basics to ensure you’re covered by September 23:
Need more about HIPAA, the cloud, and data security? Read our HIPAA Compliant Hosting white paper.
This white paper explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.
Read up more on the HIPAA omnibus rule in:
Final HIPAA Omnibus Rule: How it Changes Cloud Computing for Healthcare
The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced recently. The 563-word document outlines the changes that were initially slated for implementation last summer, also known as the final omnibus rule. …Continue reading →
Encryption for the HIPAA Compliant Cloud
Many cloud computing infrastructure as a service (IaaS) providers may provide log monitoring, antivirus, web application firewalls, SSLs, dedicated SANs and more for healthcare organizations, but often the missing ingredient lies in one key technical aspect: encryption. Encryption for healthcare … Continue reading →
HIPAA Hosting Provider BAAs Need to Reflect HHS Final HIPAA Privacy & Security Rules
Does your HIPAA hosting provider have a legal BAA (business associate agreement)? I just got off the phone with our attorneys who are updating our business associate agreement to reflect the changes required in the HHS final HIPAA Privacy and … Continue reading →