With the proliferation and widespread adoption of cloud computing solutions, HIPAA covered entities and business associates are questioning whether and how they can take advantage of cloud computing, while complying with the HIPAA Rules.  In response, the HHS Office for Civil Rights (OCR) has issued important new guidance to assist organizations, including cloud service providers (CSPs), in understanding their HIPAA obligations.  The guidance presents key questions and answers to assist HIPAA-regulated CSPs and their customers in understanding their responsibilities under the HIPAA Rules when they create, receive, maintain, or transmit electronic protected health information using cloud products and services.

You may find the new guidance on OCR’s website at:  http://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html

OCR’s FAQs on this topic may be found under “Business Associates – Cloud Computing” at:  http://www.hhs.gov/hipaa/for-professionals/faq/business-associates