HIPAA compliance & the cloud: how do you evaluate a cloud provider?
The 2013 HIPAA Omnibus Final Rule changed everything for healthcare IT. It declared that any entity that “creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity” is now considered a Business Associate. This makes cloud providers subject to the same privacy and security requirements as a covered entity.
So if you’re a healthcare provider, not only do you need to be concerned about your own business, but you now need to be concerned about your cloud as well. This includes:
- The provider that hosts your email system
- The company that runs your voicemail system
- The datacenter where your data is physically stored
- And any other IT delivered by a third party
If your cloud provider is non-compliant, then YOU are non-compliant. And the penalties can be as high as $1.5 million in fines.
Here’s the good news: even with these new rules, the cloud is still a far more cost-effective and resource-efficient way to run your IT. You just need to be much more careful about which providers you choose.
And here’s how you do it.
Ask your cloud provider the 4 HIPAA questions
If you want to determine if a cloud provider meets HIPAA regulations, there are four questions you should ask.
Here they are in a nutshell:
- Will you sign a HIPAA Business Associates Agreement?
- Have you implemented HIPAA-specific policies and procedures, conducted a HIPAA risk analysis, and completed workforce training?
- Has your organization submitted to a third-party audit to validate your HIPAA compliance?
- Do your services need to be specially configured to be HIPAA compliant? And will you help me with that configuration?
That’s the overview. But before you call a provider, you should know all the specifics. We’ve posted greater context for these questions—and details about the answers you should look for—on our HIPAA compliance and business email web page. (These questions and answers apply to ANY cloud service, not just email.)
To find out how Intermedia answers these questions, call us today at (800) 379.7729.