As cloud adoption in healthcare increases, many organizations grapple with understanding who is responsible for the confidentiality, integrity, and availability of protected health information (PHI). To help resolve any confusion, it is first important to review some fundamental aspects of HIPAA compliance, Business Associate Agreements (BAA), and cloud service models. This whitepaper provides an overview of considerations as well as a method for understanding and assigning roles.
- The HIPAA Security Rule & BAA
- Cloud Service Models
- Cloud Infrastructure Models
- Data Ownership Roles
- Shared Responsibility
- The RACI Matrix
- Best Practice Tips