03-26-13 | Blog Post
The Web Host Industry Review (WHIR) recently featured a Q&A with Online Tech’s Director of Healthcare Vertical discussing the recent regulations that take effect today, March 26. The new HIPAA rules affect HIPAA hosting providers, as they are considered business associates of healthcare organizations that deal with protected health information (PHI).
The final HIPAA omnibus rule extends the liability and consequences of a data breach further down the chain-of-trust, widening the scope to include not only hosting providers, but their subcontractors as well. April explains how hosting providers that choose to reassess their security framework and restructure the design of their controls according to the OCR (Office for Civil Rights) Audit Protocol can better comply with the new HIPAA regulations.
The OCR Audit Protocol is the result of a year of pilot testing by the government to do fieldwork in order to better understand the state of compliance in the industry and how to clarify the guidelines set forth by HIPAA. This list of standards and testing procedures guide auditors when scrutinizing hosting providers and covered entities for compliance with HIPAA. Any organization that wants to minimize risk of a data breach should be audited against the latest federal standards.
April also discusses the regulations as they relate to Online Tech’s existing HIPAA compliant hosting services, including changes for colocation and private cloud clients.
Read the full interview with the WHIR. Additionally, check out these resources to learn more about how the new HIPAA rules change the game for hosting providers:
HIMSS 13: HHS Final Ruling Changes the Rules & Roles for HIPAA Hosting
At HIMSS 13, I attended a session, A Dialogue on HIPAA/HITECH Compliance: Considerations Now That the HITECH Rules Are Here that revealed insights into real-world applications of the new privacy and security rules, including the practical implications of the final … Continue reading →
HIPAA Hosting Provider BAAs Need to Reflect HHS Final HIPAA Privacy & Security Rules
Does your HIPAA hosting provider have a legal BAA (business associate agreement)? I just got off the phone with our attorneys who are updating our business associate agreement to reflect the changes required in the HHS final HIPAA Privacy and … Continue reading →
Final HIPAA Omnibus Rule: Business Associate Agreements & Roadmap to Compliance
In addition to redefining business associates (BAs) and including subcontractors in the scope of liability, the final HIPAA omnibus rule has prompted the release of a new sample business associate agreement by the Dept. of Health and Human Services (HHS). … Continue reading →
How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect … Continue reading →