JASON ATCHLEY : LEGAL TECHNOLOGY : CLOUD COMPUTING EFFICIENT BUT RISKY FOR PROTECTED HEALTH INFORMATION  

 

jason atchley

Cloud Computing Efficient but Risky for Protected Health Information

Expert weighs in on protected health information and privacy concerns in cloud-based computing.

Sherry Karabin, Law Technology News

April 01, 2014    |0 Comments

businessman pushing cloud button
So you made the switch to cloud computing, you’re certainly not alone. In fact according to Ian Carleton Schaefer, co-leader of the technology, media and telecommunications strategic industry group at Epstein Becker & Green, some reports say more than one-half of U.S. businesses now use the cloud. But are they being proactive in protecting data and mitigating security risks?
In a Take 5 Newsletter posted on the firm’s website, Schaefer addresses a number of potential employment law concerns including protected health information or PHI.
Businesses that use cloud platforms to store and access personnel records, benefits and other information are likely storing PHI, Schaefer says, and that means adhering to all obligations under the Health Insurance Portability and Accountability Act of 1996. Not complying can result in a big hit to a company’s bottom line.
According to Schaefer, last March the Department of Health and Human Services expanded HIPAA’s applicability beyond covered entities like healthcare providers to business associates, which are defined as a person or entity that creates, receives, maintains, or transmits PHI in fulfilling certain functions or activities for a HIPAA covered entity. Note that if law firms or another business handles PHI for a covered entity, HIPAA privacy and security rules will apply to that firm or business as a business associate.
“Employers that determine a cloud vendor is indeed a business associate must have a business associate agreement (“BAA”) in place,” he explains. “The BAA sets the terms for what PHI is being maintained or processed by the cloud vendor and for knowing where the data goes, from inception to disposal.”
In the event of a breach, employers and their business associates must comply with HIPAA’s breach notification rule.
Sherry Karabin is a freelance writer and reporter based in New York City. Email: sherry.karabin@yahoo.com.
 

Read more: http://www.lawtechnologynews.com/id=1396283412088/Cloud-Computing-Efficient-but-Risky-for-Protected-Health-Information#ixzz2xebD9Alh

 
 
 
Advertisements

One thought on “JASON ATCHLEY : LEGAL TECHNOLOGY : CLOUD COMPUTING EFFICIENT BUT RISKY FOR PROTECTED HEALTH INFORMATION  

  1. Pingback: JASON ATCHLEY : LEGAL TECHNOLOGY : CLOUD COMPUT...

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: