CONTRIBUTOR

Most Read: Contributor United States, November 2023

ARTICLE

United States: OCR Guidance On Cloud Computing

26 October 2016

by Shannon Britton Hartsfield

Holland & Knight

Your LinkedIn Connections
with the authors

To print this article, all you need is to be registered or login on Mondaq.com.

Shannon Hartsfield Salimone is a Partner in our Tallahassee office.

In recent guidance, OCR confirmed a number of positions it has taken informally over the years regarding how HIPAA affects cloud computing arrangements. For example, OCR stated that a company that stores protected health information (PHI) in the cloud for an entity subject to HIPAA is a business associate, even if the PHI is encrypted and the business associate has no way to access it. Failure to enter into a business associate agreement with a cloud service provider (CSP) storing PHI would violate the HIPAA regulations. OCR noted that CSPs generally do not qualify as conduits that would not need to enter into business associate agreements.

CSPs may store PHI outside of the United States, although the risks associated with such arrangements must be analyzed. A particularly helpful portion of the guidance makes it clear that a business associate is not required to subject itself to audits by the covered entity or provide special documentation to the covered entity documenting its security practices. The guidance is designed to assist both CSPs and the covered entities and business associates that use them.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

AUTHOR(S)

Shannon Britton Hartsfield

Holland & Knight

ARTICLE TAGS

United States Privacy Privacy Protection Technology Security

POPULAR ARTICLES ON: Technology from United States

RELATED CONTENT

FREE News Alerts

Sign Up for our free News Alerts - All the latest articles on your chosen topics condensed into a free bi-weekly email.

Article Tags

United States Privacy Privacy Protection Technology Security

Related Articles

Ankura CTIX FLASH Update - April 9, 2024 Ankura Consulting Group LLC

Tax Alert: You Got A Call From The IRS – Now What? Shulman Rogers

Pulman Comments On Legal Issues For AI Copying Of Celebrity Voices Pryor Cashman LLP

Key Deadlines Approaching Under NYDFS Cybersecurity Regulations McDonald Hopkins

NYDFS Cybersecurity Regulation Deadlines Approaching On April 15 And April 29 Katten Muchin Rosenman LLP

Mondaq Webinars

APR24

Mastering Mediation & Arbitration: Strategies for Navigating the Rising Tide of Privacy Class Action Lawsuits

APR25

Canadian Employment Law: Updates and Emerging Trends in Employment

McCarthy Tétrault LLP

Comparative Guides

Anti-Corruption & Bribery

Artificial Intelligence

Aviation Finance

Aviation Regulation

Banking Regulation

Mondaq Advice Centres

United States

Advertising and Marketing

United States

Telemarketing

United States

COVID-19

Global

Trademarks in SAARC Countries

United States

International Trade Law & Customs

Curated Content

Evolving Legal Norms For Artificial Intelligence In The European Union And The United States
Braumiller Law Group, PLLC

The Use Of AI In ADR: Balancing Potential And Pitfalls
JAMS

Assessing The Benefits And Challenges Of Tokenizing Real World Assets
Braumiller Law Group, PLLC

Knowing What's Ahead: Dispute Resolution Planning For Startups In The New Age Of Generative AI
JAMS

Can The U.S. Mitigate Digital Assets Fraud While Fostering Innovation?
Braumiller Law Group, PLLC

Upcoming Events

APR24

Legal Perspective: Data Privacy Considerations Within Medical Information Operations

Speaking Engagement Boston United States

APR24

Artificial Intelligence And The Growing Concerns For The Insurance Market

Wilson Elser Moskowitz Edelman & Dicker LLP

Summit Princeton United States

More filters

Mondaq Social Media

© Mondaq® Ltd 1994 - 2024. All Rights Reserved.

Please to Mondaq or for unlimited free access and a complimentary news alert

|

|

|

|