HealthCare Too Offers HIPAA Compliant Data Storage to Prepare for Sept 23 HIPAA Final Rule Deadline
HIPAA states that "a data storage company that has access to protected health information (whether digital
or hard copy) qualifies as a business associate, even if the entity does not view the information or only does
so on a random or infrequent basis." Are you ready?
Online PR News – 20-September-2013 – On September 23, 2013, HIPAA Compliance becomes mandatory for
Covered Entities as well as Business Associates and Subcontractors that create, receive, maintain, or
transmit Protected Health Information (PHI).
The new HIPAA Final Rule is very different from the rules of previous years. Business Associates (and their
subcontractors) are now fully and directly liable for HIPAA violations. Covered Entities, however, are not
entirely "off the hook" for downstream HIPAA Compliance due to the implementation of Federal common law
For HIPAA Compliance, organizations need to address a number of requirements such as:
HIPAA Privacy (Notice of Privacy Practices, or NPP),
HIPAA Security (various Safeguards), and now
HIPAA Data Storage.
Business Associates (and appropriate subcontractors) may only need to comply with some of the Privacy
Rule, depending on how the Business Associate Agreement is structured. All Business Associates (and
subcontractors who act as Business Associates) must comply with the entire Security Rule, including Data
Traditional hosting providers usually prohibit PHI from being stored on their servers. However, there has not
been much guidance about HIPAA Compliance and data storage companies as Business Associates... until
the HIPAA Final Rule:
"For example, a data storage company that has access to protected health information (whether digital or
hard copy) qualifies as a business associate, even if the entity does not view the information or only does so
on a random or infrequent basis."
For Covered Entities or Business Associates who store Protected Health Information with web hosting
companies or cloud providers, now is the time to ensure that PHI is part of a HIPAA Compliance regimen.
HealthCare Too offers these three simple questions to help Covered Entities and Business Associates
determine if they need HIPAA Cloud Hosting:
1) Does the organization have a Business Associate Agreement with the hosting provider?
2) Has the hosting provider implemented appropriate safeguards to comply with HIPAA?
3) Can the organization retrieve all backups, audit logs, and other system administration material for the
account from the hosting provider?
If the answer to all three questions is not “Yes”, HealthCare Too’s HIPAA Cloud Hosting provides the
assurance of high-performance, medical-grade HIPAA Cloud Hosting in a HIPAA audited data center (auditor
report available). You can get more information at our website (www.healthcaretoo.com), through email
(firstname.lastname@example.org) or through our toll-free number (866-596-4325).
565 Metro Place South
Suite 3415