I Think So.
To be honest, if that is your answer, you had better make sure straight away that they are a HIPAA compliant cloud storage supplier. If you are found to be in breach of the HIPAA requirements and the Security Rule and Privacy Rule, the penalties for that breach range from $100 up to $250,000 plus 10 years imprisonment, plus a place on the Department of Health and Human Services Wall of Shame. Laying yourself open to these potential penalties just because you did not check properly is a great risk. The provider saying that they are compliant is not accepted as an excuse.
What do I need to Check For to Ensure They Are?
Firstly, if your provider is a HIPAA cloud storage company, they will not be a “HIPAA Certified” cloud storage company. There is no recognized board of certification for HIPAA cloud storage providers. Any reputable cloud service provider will be independently audited every year. This will be carried out in accordance with the HIPAA Audit Protocols for both their method of operation and their infrastructure.
Ideally this should be measured against the criteria laid down by the Office of Civil Rights. The HIPAA cloud storage provider will expect, and be willing, to sign a business associate’s agreement (BAA). This must be a written agreement between you and the HIPAA compliant cloud storage provider. The agreement lays down what your cloud storage provider will do for you. It also confirms that the provider will work within the requirements of HIPAA.
Yes, now that you’ve satisfied yourself with the above, you still need to carry out and document your due diligence. Due diligence requires that you ask the HIPAA compliant cloud storage company some detailed questions. Among the questions you may wish to ask are:
• Who within the cloud service provider is responsible for ensuring that the provider is HIPAA compliant?
• What procedures does the cloud service provider have in place to ensure business continuity in the event of a failure of service?
• What training program and ongoing awareness programs do they have in place for all their employees to ensure that the security requirements of HIPAA are adhered to?
• Does the cloud service provider have a track record in dealing with, and fully complying with, the requirements of HIPAA?
• Are you able to confirm the standards by which their company has their security audit carried out and can you see the results?
There are no doubt more questions that you will need to ask specific to your requirements. These questions are only general and intended as just some possible suggestions.
OK, Done All That, Is That It?
You have carried out the checks on the HIPAA compliant cloud service provider and satisfied yourself that they are complying with the Security Rule and the Privacy Rule. Is that all you need to do? To put it in simple terms, no. You have to carry out these checks regularly (see http://searchsecurity.techtarget.com/answer/Googles-HIPAA-compliant-cloud-what-you-need-to-know). Remember, the onus is on you.