Here’s a good overview article for businesses considering moving their data to The Cloud, especially sensitive data with HIPAA and PCI requirements. Essentially your lawyer is your new best friend. Most of the Cloud providers’ contracts prevent you from holding them responsible if anything bad happens to your data, but your lawyer can change the equation in your favor by modifying the contract. Page 2 has some good starter Due Diligence questions to ask when you’re considering a move to The Cloud.
http://www.computerworld.com/s/article/9234134/Legal_concerns_curb_corporate_cloud_adoption