Page 20 - Spring 2021
P. 20

The Fractional General Counsel
Question of the Week: Is your Medical software provider using the
Cloud to store data?
Steven Boyne, Esq. Florida Healthcare Law Firm
   These days everyone is migrating to the Cloud. This exodus away from servers to the cloud is driven by the flexibility, security and pricing that Cloud services such as AWS (Ama- zon Web Services), Microsoft’s Azure, Google Cloud and IBM offer software developers. It is a pretty safe assump- tion that most healthcare software vendors are currently using the Cloud,
or they plan on using the Cloud.
So, why do you want to ask that question? Because, believe it or not, most major cloud service providers do not offer HIPAA compliance by default. They can all be configured to be HIPAA compliant, and as far as the regulators are concerned it is up to the Covered Entity (i.e. the Healthcare provider) to enforce
the compliance. If AWS or Azure has a data breach and your patient’s data is involved, then you can be held liable. To close this loophole, you should ask your software vendor (1) do they store data on the Cloud; and (2) if so, to provide evidence that they are configuring their interface and services with the Cloud provider to ensure HIPAA compliance. If the vendor doesn’t know the answer, or is unwilling to discuss how they utilize the tools available by the Cloud providers to make the Cloud HIPAA compliant, then it may be time to find another vendor.
The Florida Healthcare Law Firm serves as an HCMA Ben- efit Provider providing legal services to members. FHLF offers a complimentary hotline, an “Online Store,” and free webinars for HCMA members. Visit the innovative resource center at www. FloridaHealthcareLawFirm.com or contact Jeff Cohen at JCo- hen@floridahealthcarelawfirm.com.
   20
HCMA BULLETIN, Vol 66, No. 4 – Spring 2021
























































































   18   19   20   21   22