It’s great news. Amazon remained silent for almost 4 months on signing into BAA (HIPAA Omnibus rule) and the deadline to sign was fast approaching (September 23rd). We now see the wonderful news that Amazon AWS has agreed to sign BAA and hence become a HIPAA compliant cloud provider. Hence MSPs / VARs using StoreGrid Cloud and SyncBlaze Cloud to offer cloud based backup, disaster recovery, file sharing and sync services can now market their HIPAA compliant service to Healthcare IT industry.
Unless you are living in a cave in the recent past, you must come across the new HIPAA regulation where the Department of Health and Human Services issued final rule on how Data is governed under HIPAA. What this means for MSPs? As a ‘Business Associate’ it is a requirement for MSPs to sign a ‘Business Associate’ agreement with their Healthcare IT clients and by signing this agreement, MSPs / VARs understand the ‘shared liability’ in protecting their client information from any data breach. Why is this important? Because Business Associates failing to comply can end up with up to $1.5 million in fine / violation. Hence it becomes important for MSPs involved with Healthcare IT clients to understand the new HIPAA Omnibus rule and ensure they are compliant by all means.
Some of our MSPs who host their data in Amazon Cloud have already started questioning about Amazon’s stand on the new rule. Even though the data is encrypted at source, transit and at rest, it is still a requirement for the cloud service provider to sign the BAA in order to be HIPAA compliant. The new rule states as follows
“an entity that maintains protected health information on behalf of a covered entity is a business associate and not a conduit, even if the entity does not actually view the protected health information.”
And as it states, irrespective of whether the entity has the ability to see the data or not, if they do hold the data, then they are required to comply with the new rule.
This is a great opportunity for MSPs / VARs hosting or using Amazon Cloud for offering StoreGrid and SyncBlaze based data management solutions to their Healthcare IT clients. Take advantage of this great news and start offering a compliant Backup, File Sharing and Sync solution to your customers.