Tuesday, April 1, 2014

Jason Atchley : Legal Technology : Cloud Computing Efficient but Risky for Protected Health Information

jason atchley

Cloud Computing Efficient but Risky for Protected Health Information

Expert weighs in on protected health information and privacy concerns in cloud-based computing.
, Law Technology News
    |0 Comments

businessman pushing cloud button
So you made the switch to cloud computing, you’re certainly not alone. In fact according to Ian Carleton Schaefer, co-leader of the technology, media and telecommunications strategic industry group at Epstein Becker & Green, some reports say more than one-half of U.S. businesses now use the cloud. But are they being proactive in protecting data and mitigating security risks?
In a Take 5 Newsletter posted on the firm’s website, Schaefer addresses a number of potential employment law concerns including protected health information or PHI.
Businesses that use cloud platforms to store and access personnel records, benefits and other information are likely storing PHI, Schaefer says, and that means adhering to all obligations under the Health Insurance Portability and Accountability Act of 1996. Not complying can result in a big hit to a company’s bottom line.
According to Schaefer, last March the Department of Health and Human Services expanded HIPAA's applicability beyond covered entities like healthcare providers to business associates, which are defined as a person or entity that creates, receives, maintains, or transmits PHI in fulfilling certain functions or activities for a HIPAA covered entity. Note that if law firms or another business handles PHI for a covered entity, HIPAA privacy and security rules will apply to that firm or business as a business associate.
“Employers that determine a cloud vendor is indeed a business associate must have a business associate agreement ("BAA") in place,” he explains. “The BAA sets the terms for what PHI is being maintained or processed by the cloud vendor and for knowing where the data goes, from inception to disposal.”
In the event of a breach, employers and their business associates must comply with HIPAA's breach notification rule.
Sherry Karabin is a freelance writer and reporter based in New York City. Email: sherry.karabin@yahoo.com.


Read more: http://www.lawtechnologynews.com/id=1396283412088/Cloud-Computing-Efficient-but-Risky-for-Protected-Health-Information#ixzz2xebD9Alh




No comments:

Post a Comment