BAAs in the Cloud: Securing HIPAA-Compliant EMR Hosting

Authors

  • Devika Jagarlamudi, Product Manager, CurerTech, Chicago, USA
  • Harshith Kumar Pedarla, Software Developer, Amazon, Seattle, USA

DOI:

https://doi.org/10.63282/3050-9262.IJAIDSML-V6I4P102

Keywords:

Business Associate Agreements (BAAs), HIPAA, Cloud Computing, Electronic Medical Records (EMR), Data Security, Compliance

Abstract

The widespread use of the cloud in healthcare has reshaped how Electronic Medical Records (EMR) are stored, accessed and managed. The cloud stands out as the best option, offering scalability, cost savings and interoperability, among other benefits. It also carries downsides, particularly in its legal, regulatory and overall security aspects, which become increasingly complex once HIPAA legislation comes into play. For cloud-based healthcare systems to comply with HIPAA, Business Associate Agreements (BAAs) must first be formalized between cloud service providers (CSPs) and those large healthcare systems. Based on whether they are established, this thesis will evaluate the legal consequences of BAAs, analysing whether they are enforceable contracts under federal common law or whether there is an easier way to ensure they exist (forcing the parties to really read and understand them). This work further investigates the impact of, and the roles played by, BAAs in assigning liability, defining responsibilities, and reinforcing policies regarding the safety of health records in cloud infrastructure. It also solves the burden of delivering and maintaining the same infrastructure platforms required by entities, heightening the automation or efficiency, whether economies of convergence and scope

Published

2025-10-13

Section

Articles

How to Cite

Jagarlamudi D, Pedarla HK. BAAs in the Cloud: Securing HIPAA-Compliant EMR Hosting. IJAIDSML [Internet]. 2025 Oct. 13 [cited 2025 Oct. 30];6(4):9-13. Available from: https://ijaidsml.org/index.php/ijaidsml/article/view/294