A business associate is an entity or person, other than a member of the workforce of a covered entity, that performs functions or activities on behalf of, or provides certain services to, a covered entity that involve creating, receiving, maintaining, or transmitting PHI. A covered entity is a health plan, a health care clearinghouse, or a health care provider who conducts certain billing and payment related transactions electronically. Covered entities and business associates must comply with the applicable provisions of the HIPAA Rules. The HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA Rules) establish important protections for individually identifiable health information (called protected health information or PHI when created, received, maintained, or transmitted by a HIPAA covered entity or business associate), including limitations on uses and disclosures of such information, safeguards against inappropriate uses and disclosures, and individuals’ rights with respect to their health information. We encourage covered entities and business associates seeking information about types of cloud computing services and technical arrangement options to consult a resource offered by the National Institute of Standards and Technology SP 800-145, The NIST Definition of Cloud Computing. Common cloud services are on-demand internet access to computing (e.g., networks, servers, storage, applications) services.
#Oncloud website software
CSPs generally offer online access to shared computing resources with varying levels of functionality depending on the users’ requirements, ranging from mere data storage to complete software solutions (e.g., an electronic medical record system), platforms to simplify the ability of application developers to create new products, and entire computing infrastructure for software programmers to deploy and test programs. This guidance focuses on cloud resources offered by a CSP that is an entity legally separate from the covered entity or business associate considering the use of its services.
This guidance assists such entities, including cloud services providers (CSPs), in understanding their HIPAA obligations.Ĭloud computing takes many forms. With the proliferation and widespread adoption of cloud computing solutions, HIPAA covered entities and business associates are questioning whether and how they can take advantage of cloud computing while complying with regulations protecting the privacy and security of electronic protected health information (ePHI).
0 kommentar(er)
