The HIPAA Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.
So at what point can a lawyer say that all the cloud breaches violate the “reasonably anticipated” rule?
atomicbocks@sh.itjust.works 3 weeks ago
There is no certification process in place for using a cloud to store HIPAA data. It even says that on the page that you linked. Legally, any organization that used this service would be opening themselves to further liability under HIPAA.
4am@lemmy.zip 3 weeks ago
Tell that to literally every hospital, medical provider, and insurer in the United States.
They’re all using AWS, and OneDrive.
IchNichtenLichten@lemmy.wtf 3 weeks ago
That’s news to me. Every time a vendor tries to get me to switch to their cloud product I tell them to get lost. I’m not willingly handing over patient data to these clowns; I’ve seen how bad they are at security.
atomicbocks@sh.itjust.works 3 weeks ago
I am a software developer who does custom EMR software specifically because the places I work for can’t use the cloud. But okay I will try…
wholookshere@piefed.blahaj.zone 3 weeks ago
Can you cite the part of HIPAA that says that?
There’s no certification for HIPAA defined in law.
atomicbocks@sh.itjust.works 3 weeks ago
No I can’t cite something that doesn’t exist. I literally just said there isn’t one… so I am not sure what your point is.
wholookshere@piefed.blahaj.zone 3 weeks ago
What legal violation? Because the law says nothing about that.