As a clinician, office manager or other dental professional, you may have questions about HIPAA and HITECH compliance in relation to the cloud. We are going to do our best to sum up the requirements for cloud solutions to be HIPAA compliant. With the widespread adoption of cloud computing solutions — even in healthcare — HIPAA covered entities are questioning whether and how they can take full advantage of all that cloud computing has to offer while complying with the regulations regarding the protection and privacy of electronic protected health information (ePHI).

May a HIPAA covered entity use a cloud solution to store or process ePHI?

Yes, provided that the covered entity and vendor execute a HIPAA-compliant business associate agreement (BAA). The BAA establishes the permitted and required uses and disclosures of ePHI by the business associate performing activities or services for the covered entity. The BAA contractually requires the business associate to appropriately safeguard the ePHI, including the implementation of the requirements of the HIPAA Security Rule. HIPAA regulations require that both the covered entity and business associate conduct risk analyses to identify and remedy potential threats and vulnerabilities to the confidentiality, integrity, and availability of all ePHI they create, receive, maintain, or transmit. Service level agreements (SLAs) are often used by the business associate to address more specific business expectations between the business associate and covered entity. Some of the items in the SLA may be relevant to HIPAA compliance, such as:
  • Systems availability and reliability
  • Backup and data recovery
  • How data will be returned to the covered entity upon termination of the business relationship
  • Security responsibilities
  • Use, retention and disclosure limitations

HIPAA and Practice Cloud℠

Dental Allies makes available to dental practices a variety of cloud-based services branded as Practice Cloud. These include email providing encryption and archiving to achieve HIPAA compliance, a cloud-based PBX (phone system), and cloud-based file backup and management. Practice Cloud services are designed to meet the privacy and security requirements for ePHI. Policies, procedures, technologies, and services are audited by a third party to validate compliance with HIPAA privacy and security requirements. Dental Allies will execute a business associate agreement with a covered entity. Practice Cloud conforms with the HIPAA Security Rule (45 CFR Part 160, 164), which requires the implementation of technical security measures to safeguard against unauthorized access to ePHI that is being transmitted over an electronic communications network. Practice Cloud complies with the HIPAA Security Rule by:
  • Offering email encryption that is designed to meet HIPAA standards
  • Providing pre-defined encryption policies for ePHI, identity and financial data
  • Executing a HIPAA-compliant business associate agreement containing commitments by Dental Allies to comply with the requirements of HIPAA to facilitate the covered entity’s compliance with the regulations
Want to know more about our HIPAA compliance or how we can help your dental practice migrate to the cloud? Give us a call at 1-800-881-6674 or send us an email.