For years, the healthcare industry seemed to be the last sector to embrace cloud computing. With HIPAA compliance to consider, storing private patient data in the cloud seemed much too risky from a security and legal standpoint. However, with a government-issued mandate to migrate patient data to electronic health records, the cost effectiveness of the cloud was simply too logical not to entice independent practitioners and small healthcare entities now burdened by the need to invest in technology and tech-savvy personnel. If only there were a way around the security and privacy concerns.
Wish granted. In January of 2013, the U.S. Department of Health and Human Services introduced a few revisions to the regulations administered under the Health Insurance Portability and Accountability Act of 1996. Labeled the “Final Omnibus Rule,” this update spelled out the legal framework to be used by healthcare organizations working with cloud service providers. With a signed Business Associate (BA) agreement, a cloud service provider accepts the responsibility to protect patient data under HIPAA law. This expanded definition of BA means that the government can now hold cloud service providers accountable for data breaches.
Although many healthcare organizations had already entrusted certain cloud service providers with their data, only the HIPAA covered entity (the healthcare organization) was penalized in the event of a breach prior to this ruling. While the HIPAA covered entity is still responsible for oversight, this shared accountability with the cloud service provider has expanded responsibility and has led to an influx of healthcare organizations and cloud service providers working together, worry-free, in perfect harmony.