HIPAA in the Cloud – after the Omnibus Rules

Last fall, IBM developerWorks published an article I wrote on Privacy and security of patient data in the cloud.  Recently, I updated the article after the release of the Omnibus Rules.

I encourage you to read the article, whether again or for the first time, as I added information on:

  • The Omnibus Rule itself;
  • Cloud providers as Business Associates;
  • Business Associate Agreements;
  • Direct liability and civil monetary penalties for non-compliance; and
  • Breach notification rules.

I provide directions forward, ending with:

The Omnibus Rules are an extension of the concepts first embodied in HIPAA to protect sensitive information about patients’ health and to ensure that this data is available and correct when needed for treatment. In undertaking responsibility of PHI as BAs or subcontractors, cloud service providers are now held to the same standards as covered entities — particularly the providers in whom the patients place their trust. Through understanding and clearly defining its role as a BA or subcontractor, a cloud service provider can not only avoid harsh penalties, but also preserve its reputation as a reliable partner in healthcare.

Ultimately, responsibility is important not only for HIPAA and HITECH compliance but also for ensuring trust. A doctor entrusts a BA with critical information shared by patients who have divulged their most intimate details and whose EPHI might be stored in the cloud. If their EPHI is compromised, patients might lose trust in their doctors and consequently their care might be put at risk. Thus, the significance of HIPAA and HITECH goes beyond law. EPHI is not merely data; it represents individuals, their health, and their lives.

