HealthcareCISO

The HIPAA Security Rule was drafted in 1998, just two years out from what most believe was the first recorded mention of the term "cloud computing" (in a 1996 internal business report from Compaq), explained healthcare attorney Adam Greene, partner at Davis Wright Tremaine LLP.

And even by the time the final security rule was published five years later in 2003, the concept of cloud hosting was still nowhere near what is today, especially in healthcare, he said. That has necessitated some creative thinking, as technologies and comfort levels around remote hosting have evolved, said Greene during his recent HIMSS20 Digital presentation, HIPAA and a Cloud Computing Shared Security Model.

Which security responsibilities belong to HIPAA-covered entities, and which should be tasked to their cloud-service-provider business associates? The situation will differ, depending ...