By David Saunders and Heidi Wachs

The Department of Health and Human Services (HHS) has published formal guidance that makes clear that most Cloud Servicer Providers (CSPs) that create, receive, maintain or transmit electronic Protected Health Information (ePHI) are Business Associates and thus governed by HIPAA. While the overall conclusion, that CSPs that handle ePHI are Business Associates, is not particularly revolutionary, HHS’s formal guidance provided details as to HHS’ evaluation of CSPs, which those who work with CSPs and handle ePHI should take note of.

To read the full Jenner & Block client alert on this subject, please click here.