HIPAA breaches and cloud providers

I think we can all agree, cloud computing is here to stay. It's cheaper, more reliable and oftentimes more secure than maintaining your own server infrastructure. Some cloud providers even offer HIPAA compliant infrastructure as an add-on service. Whether you opt to use cloud services like Google Docs or cloud solutions like Paubox, keep in mind that cloud providers must adhere to the same rules as other Business Associates.

Google Docs is not HIPAA compliant unless...

For example, let's take a look at a recent HIPAA breach at Oregon Health & Science University. Protected health information for over 3,000 patients was compromised after several residents and physicians-in-training inappropriately used Google docs to maintain a spreadsheet of patient data. The HIPAA violation occurred when Google did not sign a Business Associate Agreement (BAA) with OHSU. As we've covered before, a Business Associate Agreement is a contractual agreement between a covered entity and Business Associate. When a Business Associate stores, handles, or discloses protected health information on behalf of a covered entity, a BAA is required by law.

Choose a Cloud Service that adheres to HIPAA Regulations

If you are a covered entity, a BAA is a must for any technology vendor that handles PHI for you. Insist that all of your Business Associates sign such an agreement with you. Here at Paubox, we have a Business Associate Agreement ready for your review and signature. Contact us today to get started.