Choosing a Cloud Service Provider (CSP)

With the cloud becoming more standard in healthcare, using cloud services sounds more and more appealing to covered entities. The challenge, however, is finding a cloud service provider (CSP) in compliance.

Luckily, with cloud service providers coming to see the value of cloud services for medical organizations, their standards are improving.

Questions You Should Ask

  1. Where is my data stored? (where is the data center)

  2. For audit purposes you must know where your CSP is storing your data.

  3. How accessible is my data, and by whom?

  4. During an audit, your organization must be able to provide evidence of access controls and how they are controlled.

  5. Are they encrypting my data?

  6. Find out what type of encryption the CSP uses

  7. Where and how encryption is implemented

  8. Should be encrypted in motion and at rest

Cloud Service Provider Options

  1. Software as a Service (SaaS)

  2. Platform as a Service (PaaS)

  3. Infrastructure as a Service (IaaS).

Workload requirements are usually the deciding factor in what cloud service is best for your facility.

Roles and Responsibilities

Just because someone else is managing your data, that does not mean you will not held responsible were the worst to happen. You are still considered the data owner and as such, are responsible for the safe custody of your patient data!

When entering an agreement with a CSP, ensure that your facility uses a HIPAA Business Associate Agreement (BAA). Be diligent when creating your BAA to hold the Business Associate accountable so they thoroughly understand their roles and responsibilities. Also ensure they use BAAs for any potential or existing subcontractors.

With a little due diligence, a good CSP like Novarad can take a lot of weight and burden off your facility, and give you more opportunities to grow and succeed without being tied down by data storage restrictions!

For more information or to explore Novarad’s cloud storage solutions, contact us by clicking here.

This post was written by Allie Robinson, a business policy analyst with Novarad.

Novarad EHS Logo Full Color (1) (3).png
Novarad EHS Logo Full Color (1) (3).png


752 East 1180 South, Suite 200

American Fork, Utah  84003

(877) 668-2723 phone


12 Kingsbury Trading Estate Church Lane

Kingsbury London United Kingdom


+44 (0) 208 205 9500 phone

+44 (0) 208 205 0585 fax


2 Calle A 6-28 zona 10 Edificio Verona, Oficina 502
Edificio Verona, Oficina 502
Guatemala, Guatemala


407 Prestige Tower F. Ortiga Jr. Road
Ortigas Center, Pasig City Philippines, 1605
Phone: +632.661.6161
Fax: +632.661.4334

© 2020 Novarad®