CMS issues new guidance for following HIPAA into the cloud

The Department of Health and Human Services has released multiple guidance relating to best HIPAA practices.

Cloud and access rights continue to be major concerns for HIPAA.
October 24, 2016

HIPAA compliance is important both for hospitals and every organization they work with that handles personal data, including medical billing firms. The Department of Health and Human Services has published new guidance, however, addressing the rigors of HIPAA rules with the growth of cloud computing. With cloud technology posing possible advantages for healthcare, the advisory may be especially important.

As the official HHS site said, the guidance applies specifically to "business associates," among others, to address possible questions surrounding cloud use. While a covered entity can store electronic protected health information in the cloud, it has to sign a "business associate contract or agreement" to assure HIPAA compliance.

"The new guidance may prove especially important with cloud technology."

Since HIPAA is multilayered, entities will have to remember the applications for the Breach Notification, Privacy and Security Rules. The source also noted that Cloud Services Providers are still business associates even if all of the protected data they store is encrypted.

Though the guidance also avoids recommending any particular brands, it does allow providers to access relevant information in the cloud through mobile devices if they take the correct precautions.

This follows other HIPAA guidance released earlier this year. In a press release from Feb. 25, Jocelyn Samuels, director of the HHS Office of Civil Rights, said that individuals are "empowered" when they have the right to send information to a third party. This may have been about a separate HIPAA issue (right of access), but it sill ties into the ways the HHS is preparing for greater concerns.

PROMEDICAL is a national healthcare revenue cycle management company. Since 1995, we have provided the healthcare community with a client- focused, technology driven, revenue cycle partner.  Our third party liability solutions include workers' compensation and motor vehicle accident billing. A partnership with PROMEDICAL ensures proper reimbursement, timely resolutions and increased cash.