If you are involved in healthcare IT, you know all about HIPAA and the responsibility it puts on the organization to protect patient information. In the early days of HIPAA regulations, there were only general guidelines and required outcomes to help direct IT departments in reaching compliance. The fact that most organizations maintained a “closed” system, meaning they had their own data center with very little data being exposed outside of the organization, made compliance relatively simple. Our biggest worry was the tape media being rotated out to our favorite offsite storage facility. Over time, data center strategies have evolved to include collocation and managed services. While this has added some complexity to HIPAA compliance, you still know exactly where your data resides and have a good idea of who could potentially access it from the third party provider. Now cloud computing has been added to the mix of service options. This adds some interesting HIPAA compliance challenges since absolute end-to-end control of the data is no longer assured.