If it's UK data, from the UK .gov, being stored to a server whose hardware is in the US, to be worked on by a UK consultancy, should it actually be subject to HIPAA?
Jurisdiction in the Internet is tricky business.
If it's UK data, from the UK .gov, being stored to a server whose hardware is in the US, to be worked on by a UK consultancy, should it actually be subject to HIPAA?
Jurisdiction in the Internet is tricky business.