iCloud is not HIPAA compliant because Apple won’t sign a Business Associate Agreement (BAA).
iCloud provides cloud-based storage solutions, with security protections for both data storage and transfer. Authentication controls and access management are necessary for cloud services to be HIPAA-compliant. A healthcare provider must be able to monitor who accessed the data and what the user does with the information. iCloud’s controls meet the minimum HIPAA requirements, but that doesn’t mean that the service is HIPAA compliant.
Even though strong access and authentication features are part of iCloud, the services it provides classify Apple as a business associate. When healthcare providers use cloud services with patient health information (PHI), business associates must sign a BAA.
Apple will not sign a BAA with healthcare organizations. The terms and conditions clearly state that HIPAA-covered entities shouldn’t use iCloud for sharing, storing, or transmitting PHI. Using this service for PHI is a violation of HIPAA rules.
iCloud makes it easy to store and share data in the cloud. This service is available through Apple and is accessible through iPhones, iPads, and Mac computers.
Readers should perform their own research before making the final decision. The information on the JotForm HIPAA Compliance Checker does not constitute official healthcare or legal advice. JotForm is not liable for any damage or liabilities arising out of or connected in any manner with this platform.