Business Associate Agreements: More Readily Accepted by Cloud Service Providers? Maybe


Although the HIPAA Omnibus Final Rule's expansion of business associate liability could create difficulties for healthcare providers and other covered entities seeking to negotiate business associate agreements with vendors for the storage and maintenance of protected health information (PHI), cloud service providers (CSPs) could be more receptive to such arrangements thanks to recent developments concerning Amazon Web Services (Amazon) and its relationship with HHS. Earlier this month, Amazon became the first CSP to achieve nonprovisional "authority to operate" status in the Federal Risk and Management Program (FedRAMP). FedRAMP, overseen by the General Services Administration, was established in December 2011 to provide a streamlined process across the federal government for identifying and certifying "secure, reliable, and cost-effective cloud options." Office of Management and Budget policy requires federal agencies, such as HHS, to use such services as a way of effectively managing IT where feasible. Amazon provides cloud services to HHS, including hosting of In order to achieve nonprovisional status, Amazon was required to undergo a third-party security assessment and to receive HHS approval. Now that HHS and Amazon are working together, covered entities should find CSPs more receptive to entering into business associate agreements.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising
