Failure to maintain a Business Associate Agreement (“BAA”) with any cloud services vendor that creates, receives, maintains (stores) or transmits electronic Protected Health Information (“ePHI”) on your behalf can be penalized with fines of up to $50,000 per violation. The requirement applies even if the data stored online is fully encrypted and the vendor never holds the decryption key.
Background
In August 1996, Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”), whose privacy and security provisions were subsequently expanded in 2009 by the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
The goals of the legislation are to reduce the administrative costs of healthcare, to develop standard transactions for consistency industry wide, to require broad security and disaster recovery protections for “individually identifiable health information,” to protect the confidentiality of patient records, and to give healthcare organizations an incentive to communicate electronically.
Any health care provider, office, clearinghouse, or health plan that electronically maintains or transmits health information pertaining to an individual must comply with HIPAA regulations, as must the business associates that handle ePHI on its behalf. These federal regulations set strict standards for security and for contingency planning, including a data backup plan and a disaster recovery plan.
Online backup from Dr.Backup can help you meet the mandated data backup and disaster recovery requirements by providing offsite backup and recovery of ePHI.
Use of Dr.Backup service does not on its own achieve HIPAA compliance. Your organization is responsible for ensuring that you have an adequate compliance program and internal processes in place, and that your particular use of Dr.Backup services aligns with HIPAA and the HITECH Act.