Overview
Daniel Gottlieb cautioned healthcare providers on protected health information (PHI) security when using cloud-based data systems, noting that even applications seemingly removed from direct patient care could trigger HIPAA requirements for vendors to protect PHI. Some vendors will “include covenants in their agreements where the customer agrees that the customer will not upload any HIPAA protected health information into the service,” Mr. Gottlieb said. “What sometimes happens is the customer does upload PHI into the service even though there is not a business associate agreement in place.” Read the full article.
