Therefore, it is imperative that any health care provider engaging a cloud storage company understands the cloud
computing environment and solutions being offered by such companies, so the health care provider may appropriately conduct its own risk analysis and establish risk management
policies, as well as enter into appropriate business associate agreements to ensure that the cloud storage company complies with HIPAA
requirements.
Waters suggests
policies that cover the basics, including password usage, safe
computing, prescribed
computing (sticking to a
computing regime that works reliably), and compliance with law society and client
requirements.