Back in the days when healthcare records were stored in giant filing cabinets in manila folders, security was a matter of having strong locks and restricted access. But today, with all of the benefits of electronic health records and cloud storage, matters are a bit more complicated. Healthcare providers have become accustomed to the stringent regulations – and associated penalties – of the Health Insurance Portability and Accountability Act (HIPAA) but now, with new regulations looming, other providers will be forced to align themselves with the latest provisions.
Cloud service providers, in particular, will need to be compliant with HIPAA if they plan to do business with healthcare organizations. Updates to HIPAA expand the definition of “business associates,” who must follow the same guidelines as physicians and insurance providers. In fact, the new rules specifically address cloud providers, stating, “Document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”