With expert authors:
This HIPAA worksheet is meant to illuminate the cloud requirements of HIPAA that you need to plan for in your own digital health product. What does "HIPAA Compliant" really mean? Frequently it is just a marketing label that some companies bestow upon themselves and not really an attestation of compliance. That's risky.
A more comprehensive risk assessment, such as the HITRUST CSF Self-Assessment, is also necessary. Use this checklist to understand what compliance controls are needed, and assess your compliant state at several cloud layers:
The Physical Layer
The Operating System and Application Layers
The Administrative Layer
Once you've completed this checklist you'll have a much better understanding of what it will take to be HIPAA compliant in the cloud.