HIPAA Security Rule

The Department of Health and Human Services (HHS) recently published guidance on HIPAA requirements governing the use of cloud computing entities, specifically cloud services providers (CSPs).

In this guidance, HHS explains that CSPs that create, receive, maintain, or transmit protected health information (PHI) on behalf of a covered entity or business associate are considered business