Expanded HITECH Cloud Services Article, plus Offshore Outsourcing Piece

If you’re concerned about the HITECH Business Associates problem for cloud services I’ve written about before here, you might want to have a look at the expanded version which has just been published in the ABA Information Security Committee’s Internet Security and Privacy News, HITECH Regulatory Traps for Healthcare Application Outsourcing and Cloud Services

On a very related note, I’ve had a couple of people ask about outsourcing processing of PHI to overseas operations, sometimes but not necessarily in a cloud context. I’ve dealt with this a few times, and while it’s not per se prohibited it is definitely a strategy to think through carefully before implementing. Here’s a piece I did on it a few years ago; I think the analysis is still valid under HITECH: Offshore Outsourcing of PHI Processing – Is It Permitted under HIPAA?.

 

Categories

Tags

bill gates cert christiansen it blog cobiT coco contract law do it yourself ehr issues ehrs electronic health records electronic health recores electronic medical records eula hackers healthcare system healthy information networks hipaa hitech information security information security duty information security theory infosec integrated information security standard of care integreated information security it law it risk it security legal counsel medical records nasa dod hacker network security newbie lawyers opering system risk acceptance risk assessment risk management risk theory secuirty rule security incident response poilicy security legislation self help strategic information security ufo hacking vista windows vista

Worthwhile Links