Hipaa Compliant Cloud Storage Page

: The CSP must maintain detailed logs of who accessed or modified data and when.

A cloud provider is considered a (BA) if it handles ePHI, even if it cannot access the encrypted data. To be compliant, the following must be in place:

Many major providers offer HIPAA-compliant tiers, but you must ensure you are using a supported version and have signed their BAA.