The U.S. Department of Health & Human Services has released guidance on the best ways for HIPAA covered entities and business associates to use cloud computing solutions while protecting electronic health records. “This guidance focuses on cloud resources offered by a CSP [cloud service provider] that is an entity legally separate from the covered entity or business associate considering the use of its services. CSPs generally offer online access to shared computing resources with varying levels of functionality depending on the users’ requirements, ranging from mere data storage to complete software solutions,” the announcement said. The guidance answers several concerns, including whether covered entities can use a cloud service to store or process ePHI [electronic protected health information], and if HIPAA rules allow health care providers to use mobile devices to access ePHI in the cloud.
If you want to comment on this post, you need to login.