
Regulations and the cloud: HIPAA modification provides clarity

Thomas J. Trappler | Feb. 13, 2013
Many regulatory requirements that impact cloud computing were enacted before cloud computing came into existence. As a result, they don't directly or effectively address issues that can arise because of the cloud, leaving both client organizations and cloud vendors without clear guidance on how to comply. While such laws are typically updated at a much slower pace than the cloud evolves, now that the cloud is becoming more established, some regulations are starting to catch up. A case in point is the Health Insurance Portability and Accountability Act (HIPAA).

* If a business associate engages a subcontractor to perform a function or service that involves use or disclosure of PHI, then the business associate is obligated to enter into a BAA with the subcontractor.

* If a breach of PHI occurs at the subcontractor tier, then the subcontractor must notify the business associate, which then must notify the covered entity. The covered entity must then notify the affected individuals, unless it has delegated such responsibilities to a business associate.

The maximum penalty for HIPAA noncompliance is $1.5 million per violation, so clients and cloud vendors have good reason to understand these latest modifications.

 
