Health Information Compliance Alert
HIPAA Still Applies to Outsourced CSPs
PDF
Question: Our company uses a small cloud services provider (CSP) based in Canada. Does HIPAA still apply to our business arrangement? Florida Subscriber Answer: Yes, and all of the rules about electronic protected health information (ePHI), including the need for business associate agreements (BAAs), still apply. “Be aware that HHS Office for Civil Rights (OCR) warns of increased risk to ePHI processed or stored outside of the U.S., especially if the server is in a country where cybersecurity risk is high,” says Grant Elliott, CEO of Ostendio and co-founder and President of the Health Care Cloud Coalition (HC3). “More cloud service providers are touching ePHI every day. While the OCR provides sample business associate contract provisions as they relate to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules, it doesn’t state specifically how the contracted parties can be sure that the provisions are followed,” Elliot says.
Health Information Compliance Alert
- Interoperability:
Final Rule Lays Out Data Blocking Exceptions
Understand the conditions, objectives, and categories. There’s no denying that data sharing between providers helps [...] - COVID-19:
Get the Facts on New Telehealth Updates
Feds permit more practitioners to bill telehealth now. Last month, the feds released a second [...] - Telehealth Services:
5 MAC Tips to Help With COVID-19 Telehealth Updates
Know these PHE basics. You may not be fighting COVID-19 on the frontlines, but that [...] - Cybersecurity:
Identify Phishers With This Expert Advice
Recognize these common hackers’ tricks. Even in the best of times, phishing can take down [...] - Reader Question:
HIPAA Still Applies to Outsourced CSPs
Question: Our company uses a small cloud services provider (CSP) based in Canada. Does HIPAA [...]