Smart Buyer

4 Questions Healthcare Practices Need to Ask Cloud Providers

by Adam Lovinus October 29, 2015

The decision to go to the cloud for data storage and processing can be an exciting, if not daunting, process. Many covered entities have found great cost savings and improved uptime for their companies. That said, choosing a cloud provider is not without its pitfalls. While there are many considerations to take into account, here are some of the most important questions to ask.

Will your cloud provider sign a Business Associate Agreement (BAA)?

Business Associate Agreements are required by HIPAA for any covered entity that obtains the services of an entity that performs functions or activities that involve the use or disclosure of protected health information. In addition to vetting any BAA for specific HIPAA requirements, you must ask your cloud provider whether they will negotiate a BAA, or if their BAAs are “take it or leave it.” Remember, you are paying someone to be the steward of your clients’ data and you can be liable for any breaches or damages that they cause.

Will your cloud provider disclose their physical and technical security policies for their facilities?

As a covered entity, you cannot complete your HIPAA policies without knowing exactly how your cloud provider restricts physical and digital access to their facility. Policies such as visitor badges, ID checks, and hardware monitoring are crucial to any Security Rule policies. Simply put, if they won’t share how they secure your clients’ data, why should you trust them?

When did the cloud provider last perform a security risk analysis?

Any cloud provider worth their salt will be able to provide their most recent security risk assessment and audit. Many companies perform these assessments several times a year. The follow-up question is whether the cloud provider uses NIST standards when performing its risk assessments. The importance of verifying the type of assessment cannot be overstated: NIST guidelines serve as the foundation for any OCR investigation into a Security Rule-related breach.

What breach notification procedures are in place when an incident occurs?

Many covered entities overlook this issue and fail to set specific notification timeframes for security events, incidents, and breaches. Reporting requirements vary by state and entity, but some breach notification requirements are as short as 60 minutes (Texas). Despite these tight notification timeframes, some cloud providers give themselves as much as 30 days before they are required to notify their customers of a breach. As part of this process, you should audit each state you are in and each contract you have to verify notification timeframes and procedures.

As with any new vendor, be sure to ask for client references and have your attorney review all legal documentation. Remember, you are liable for the actions of your business associate, and your only protection is a well-planned and well-crafted business associate agreement.

4 Questions Healthcare Practices Need to Ask Cloud Providers is authored by Hudson Harris, a HIPAA attorney and privacy expert—read more about the intersection of HIPAA and technology at his blog, Legal Levity.
