Cloud Computing in Healthcare: Mitigating Privacy Risks and Negotiating Business Associate Agreements

Navigating HIPAA, HITECH, State Law and International Jurisdiction Challenges

Recording of a 90-minute CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Wednesday, June 11, 2014

Recorded event now available

or call 1-800-926-7926
Course Materials

This CLE course will provide guidance to healthcare counsel for managing privacy and security risks when using cloud computing to outsource the storage of patient information. The panel will also discuss key provisions to include in business associate agreements with cloud vendors to minimize liability exposure.


Cloud computing is a powerful tool for healthcare providers to expand data capacity, reduce costs, and enable the collection and storage of patient electronic health records. Counsel for hospitals and physicians engaged in cloud computing must navigate a myriad of privacy laws including HIPAA, HITECH and state privacy laws.

Healthcare counsel must also understand how U.S. privacy laws will be enforced in international jurisdictions. Further, to mitigate liability for data breach, counsel must carefully negotiate cybersecurity coverage with their insurers and business associate agreements with cloud computing vendors. Insurance and agreements must include clear warranty, indemnity and data disclosure provisions.

Listen as our authoritative panel of healthcare attorneys examines the benefits and risks of using cloud computing to store confidential patient information. The panel will offer approaches for healthcare providers and counsel to mitigate privacy and security risks.



  1. Legal considerations under HIPAA, HITECH and state privacy laws
  2. Negotiating business associate agreements with cloud computing vendors
    1. Risk allocation/shifting provisions
    2. Liability for data breach
  3. Cybersecurity insurance considerations
  4. Challenges of international jurisdiction when patient information is stored outside of the United States


The panel will review these and other key questions:

  • What are the different cloud computing models available to healthcare providers?
  • What measures should healthcare providers using cloud computing take to ensure compliance with HIPAA and state law privacy and security requirements?
  • What risk allocation and mitigation provisions should counsel to hospitals and physicians include in business associate agreements with vendors to help mitigate liability for data breach?


Joshua Carlson
Joshua Carlson

Joshua Carlson

Mr. Carlson has over 15 years’ experience in data security and data privacy, and provides guidance to companies...  |  Read More

Patrick X. Fowler
Patrick X. Fowler

Snell & Wilmer

Mr. Fowler assists companies dealing with technology issues related to internet/e-commerce claims, intellectual...  |  Read More

Richard L. Green
Richard L. Green

McCarter & English

Mr. Green handles matters involving the sourcing, commercialization, use and protection of intellectual property,...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Audio