At AeroFS, a lot of our users and customers come from medical backgrounds — doctors, hospitals, clinics, and other medical practitioners.
One of the most common questions we get asked is what to do about HIPAA compliance, specifically as it relates to personally identifiable information (PII), and people are often surprised to hear that new regulations that came into effect on September 23, 2013 mean that Software-as-a-Service (SaaS) vendors may now be directly subject to HIPAA rules.
As of September 23, 2013, any Business Associate is now directly responsible for complying with HIPAA’s requirements for privacy and security of protected health information. Naturally, the next question is who is a “Business Associate”? A “Business Associate” is any party involved in the processing, storage or transmission of a patient’s medical data, which includes many SaaS and Cloud providers.
This definition means that even if a third party only transmits data and does not store it, it is still subject to HIPAA regulations.
HIPAA Compliance is a tricky matter, and if you’re reading this blog because you’re wondering what sort of file sharing service will allow you to transmit/receive protected health information within your organization or team (or even to and from patients), we suggest adopting the AeroFS Private Cloud. Your organization will still be subject to HIPAA rules in its processing/handling of patient information, but at least you won’t run into the issue of a SaaS provider prohibiting use of its service to share HIPAA protected information.
If you still have questions about HIPAA compliance, feel free to shoot us an email at firstname.lastname@example.org
All the best,
Yuri & the AeroFS Team.
ps. In this particular blog post, I’ve been advised that I should leave a standard disclaimer — this is not legal advice 🙂