By David Linthicum

Healthcare providers and payers that utilize cloud platforms to store and access personnel records (and like data) are probably storing protected health information (“PHI”), which is protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Rules now in place govern the use of cloud computing to store health-related data, including personnel-related data.  The consequences for failure to comply can be severe to a company’s bottom line, including some heavy fines and PR nightmares.

In March of last year, the Department of Health and Human Services (“HHS”) finalized the HIPAA Omnibus Rule, which made the regulation more cloud friendly.  This rule expanded HIPAA’s applicability beyond covered entities (health care providers and/or payer) to business associates. By definition, a “business associate” is a person or entity that creates, receives, maintains, or transmits PHI in the course of fulfilling certain functions or activities for …