How does HIPAA compliance apply to RP1Cloud as a private cloud deployment?

Excellent discussion point!

If we sell our cloud-based video product (www.rp1cloud.com) as a private cloud solution and the customer wishes to store their recordings on-site, we effectively become a conduit.  The data at rest is now managed by the customer.  The data in transit is the responsibility of the customer.  Pragmatic is no longer a Business Associate.  And as per the HIPAA conduit exception rule, HIPAA compliance no longer applies to RP1Cloud, a division of Pragmatic, and we would not need to sign a Business Associate Agreement (BAA).  We see it as being the same as a telephone company, an ISP, or the Postal Service for a private cloud deployment. Here is an article that has salient points that we believe bolsters that perspective. http://www.healthcarebusinesstech.com/hipaa-conduit-exception-rule/. The fact that we provide the medium used to communicate doesn’t place us in the role of BA, as we understand it.