Skip to content
DWT logo
People Services Insights
About Offices Careers
Search
People
Services
Insights
About
Offices
Careers
Search
Presentations
Privacy & Security

"HIPAA and a Cloud Computing Shared Security Model," Healthcare Information and Management Systems Society (HIMSS) 19, Orlando

03.10.19
Share
Print this page

Cloud computing often involves a shared security model. The cloud service provider (CSP) may provide a virtual vault, but all of its security is meaningless if the customer uses a weak password. When a HIPAA covered entity or business associate, such as a healthcare provider or health plan, uses cloud computing services and seeks to comply with HIPAA's Security Rule, it is imperative that the covered entity or business associate understand the shared security model. This includes what requirements are applicable to the covered entity or business associate, what requirements the CSP addresses, and what security responsibilities both must address. Who is responsible for encryption of data at rest? Of data in motion? How does the covered entity or business associate need to address its use of cloud services in its information security risk analysis? This session will focus on how the HIPAA Security Rule and other security laws apply to a cloud computing shared security model.

Related Articles

DWT logo
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Media Kit Affiliations Legal notices
Privacy policy Employees DWT Collaborate EEO

SUBSCRIBE
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Close
Close

CAUTION - Before you proceed, please note: By clicking "accept" you agree that our review of the information contained in your e-mail and any attachments will not create an attorney-client relationship, and will not prevent any lawyer in our firm from representing a party in any matter where that information is relevant, even if you submitted the information in good faith to retain us.