Due to the increase in the use of cloud services, understanding the relationship between the covered entity or counterparty and the CSP is extremely important for the protection of ePHI. Cloud computing is a cost-effective solution for storing and backing up ePHI. The use of cloud storage in companies that control or generate PHI continues to grow. It is therefore important to understand how these CSPs can be safely used by third parties for ePHI storage. If you use it correctly, cloud storage can be a big benefit for your business, as you save time and money. HIPAA does not require a CSP counterparty to document its security practices, but the CSP is directly responsible for the lack of protection of the ePHI in accordance with the security rule. However, customers may request documentation of BAA security measures. .