This month, Google joined Microsoft and Amazon in agreeing to enter into business associate contracts when they host protected health information (“PHI”) for covered entities and business associates. Before these major players in cloud computing took this step, I had recommended against using their services as opposed to a specialty health information host service that would likely be knowledgeable about HIPAA and be willing to enter into such agreements. Now, covered entities and business associates can decide which service is better from a clinical and business viewpoint, instead of being unable to use a service that will not sign a business associate agreement.
For an excellent discussion of cloud computing and HIPAA see the recent blog item, “HIPAA Breaches and the Cloud, by the Numbers,” by guest commentator Melissa McCormack.
If today’s blog item or Ms. McCormack’s blog item has caused you to think that perhaps you need a business associate policy but that you do not know what such a policy should contain, you are in luck. I have finished writing The Complete HIPAA Policies and Procedures Guide with accompanying HIPAA Compliance Sample Policies and Procedures CD. I appreciate the help of my reviewers for the book. The book and CD have been edited and revised a couple of times and are now in the final stages of production. We expect to have copies in our office to start shipping within a couple of weeks or so. If you would like to order a copy now to get a prepublication discount, please call our marketing director, Patrick R. Head II, toll-free at 855-341-8783 or email him at patrick@veteranspress.com.