ARTICLE
22 July 2016

Government Enforcement Hits the Cloud

DP
Day Pitney LLP

Contributor

Day Pitney LLP logo
Day Pitney LLP is a full-service law firm with more than 300 attorneys in Boston, Connecticut, Florida, New Jersey, New York and Washington, DC. The firm offers clients strong corporate and litigation practices, with experience on behalf of large national and international corporations as well as emerging and middle-market companies. With one of the largest individual clients practices on the East Coast, the firm also has extensive experience assisting individuals and their families, fiduciaries and tax-exempt entities plan for the future.
This week, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services announced a settlement of alleged HIPAA violations that may have signaled the start of OCR's next wave of enforcement actions.
United States Food, Drugs, Healthcare, Life Sciences

This week, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services announced a settlement of alleged HIPAA violations that may have signaled the start of OCR's next wave of enforcement actions.

Reporter James Swann's July 19 post on Bloomberg BNA's  Health Care Blog, "Government Enforcement Hits the Cloud," about the OCR's $2.7 million settlement with Oregon Health & Science University points out the possible significance of the action. The blog post quotes Day Pitney healthcare lawyer Eric Fader, whose views on the matter were set forth in more detail here.

Although this latest settlement also involved the theft of a laptop that contained unencrypted patient records, its primary importance should be as a wakeup call to healthcare providers who use cloud-based services to store patient records, send emails containing protected health information, or even maintain surgical calendars. Under the 2013 HIPAA Omnibus Final Rule, data storage companies that store protected health information (PHI), in the cloud or elsewhere, are considered business associates even if they never actually access the PHI. Therefore, business associate agreements between the healthcare providers and these vendors will be necessary.

Click here for more Healthcare Blogs from Day Pitney

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More