Cloud computing and trans-border health data: Unpacking U.S. and EU healthcare regulation and compliance

•Cloud computing in healthcare.•Regulation and compliance.•European Union directives.•Accountability and risk assessment.•Data controllers, processors and sub-processors.

The emerging market of cloud computing poses many challenges for policy-makers, healthcare organizations and the IT industry, as health data and information is increasingly transferred across national or state borders where little consensus exists about which authorities have jurisdiction over the data. This review of U.S. and EU regulation and compliance of national and trans-border data flows, focuses on cloud computing in the health sector. As transatlantic regulatory frameworks are developed to keep pace with the fast-moving market of cloud computing, evidence suggests that cloud clients and providers need to work together to meet stringent compliance rules to avoid penalties and potential reputational damage. Traditional sourcing relationships where cloud providers act as ‘conduits’ for health data are being superseded by more stringent demands to become ‘business associates’ of their clients, with shared responsibilities and accountabilities for the protection and security of health data.