The Intersection of HIPAA and Cloud Storage

By Laura Gerdes Long



Co-authored by Laura Gerdes Long and Katherine M. Flett

Our ever-evolving technological society is raising new questions about how to reconcile complex health data protection laws with cloud storage. Storage of data in the “cloud” allows users to store, maintain, and manage data remotely on the internet. Its advantages include accessibility of the cloud-stored data from any location via the internet, emergency back-up capacity, and even cost savings. An online search for HIPAA-compliant cloud storage companies reveals that there is no shortage of companies that advertise their “HIPAA-compliant cloud services.” It is important to remember that working with a company that claims its cloud storage “is HIPAA compliant” does not excuse you from meeting HIPAA requirements. Due diligence is required when selecting such a company and entering into appropriate contractual arrangements with it.

The Department of Health and Human Services’ Office for Civil Rights (“OCR”) is responsible for overseeing protection of sensitive health data under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). OCR issued guidance on October 6, 2016, explaining how to safeguard electronic health information protected by HIPAA in today’s widespread cloud networking environment.

HIPAA applies to “covered entities,” and this article will focus on one such covered entity, the health care provider.  Most health care providers do not perform all of their health care functions by themselves and instead often use a range of services offered by others, called “business associates” under HIPAA.  Health care providers are permitted to disclose protected health information (“PHI”) to these business associates (“BA”) as long as they obtain satisfactory assurances that the BA will use the information only for the purposes for which it was engaged by the health care provider, will safeguard the information from misuse, and will help the health care provider comply with some of the health care provider’s duties under HIPAA, through the execution of business associate agreements.


Are All IT Jobs Exempt From Overtime Requirements Under the Fair Labor Standards Act?

By Ruth Binger



Most companies are under a common perception that all jobs involving computers are complex, require exceptional expertise, and are therefore exempt from the requirement of overtime pay under the Fair Labor Standards Act. Legally, this is not true. As a preventive measure, companies should audit their workforce to make sure that their information technology workers are properly classified. Failure to do so could cause companies to lose their exemption from paying overtime for all misclassified employees, and could result in payment of two to three years of back pay and the payment of double damages.

There are three exemptions that may apply to avoid overtime pay for information technology jobs. They are: (1) the computer-related exemption under 29 CFR Section 541.400; (2) the administrative exemption under 29 CFR Section 541.200; and (3) the executive exemption under 29 CFR Section 641.100. This article will focus only on the computer-related exemption.


Protecting Your Company’s Intellectual Property from Predation by Employees and Independent Contractors

By David R. Bohm



The success of a company in the technology sector is largely dependent upon its intellectual property, which, in turn, is derived from investment in human capital. It is the company’s employees (as used herein, the term “employee” will include independent contractors and contract employees) who develop software, invent new products or techniques, and generate other types of trade secrets and confidential information. Today, because employees are more mobile than ever, it is extremely important that businesses take precautions to keep their intellectual property from being utilized by an employee who goes to work for a competitor.

Patent and copyright law provide an entrepreneur some rights in relation to employees involved in developing patented or copyrighted material. Additionally, an entrepreneur has some common law rights in its trade secrets and confidential information. However, in order for a business to fully protect its interests in intellectual property developed and utilized by it, it is important to implement written agreements that specifically address the rights of the business and its employees relative to such inventions and information.
