More healthcare organizations are now using cloud computing solutions than ever before, but with the HIPAA Omnibus Final Rule now added to the HIPAA Privacy and Security Rules and breach notification provisions, these agencies will need to be more cautious, Matthew Fischer wrote on Data Center Knowledge. The Final Rule expands the definition of "business associate" to include any entity which "creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity." This means cloud providers and data centers will be covered as part of this, so technology vendors will need to exercise caution in handling healthcare data.

Business associates will now be liable for:
- Failure to provide access to electronic copies of PHI owned or covered by the entity
- Failure to provide breach notification
- Failure to disclose PHI when required by the Department of Health and Human Services
- Improper use and disclosure of PHI

"Covered entities and business associates that are considering contracting with data centers and cloud providers will carefully scrutinize whether their vendors have implemented adequate administrative, physical and technical safeguards as mandated by HIPAA," Fischer said.

Forbes said this new rule could be a good thing for cloud computing services, as it will help move consumer healthcare into the cloud in a safer way. If done correctly, the Final Rule should allow organizations to become more efficient in the cloud.