News and blog posts related to hosting for healthcare organizations and HIPAA compliance.

Is iCloud HIPAA Compliant?
Aug01

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of sharing and storing data. Since files uploaded to the cloud can be accessed from multiple devices in any location with an Internet connection, information is always at hand when it is needed. There are many cloud storage services to choose from, many of which are suitable for use by healthcare providers for storing and sharing ePHI. They include robust access and authentication controls and data uploaded to and stored in the cloud is encrypted. Logs are also maintained so it is possible to tell who accessed data, when access occurred, and what users did with the data once access was granted. iCloud is a cloud storage service that owners of Apple devices can easily access through their iPhones, iPads, and Macs. iCloud has robust authentication and access controls, and data is encrypted in...

Read More
Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider
Aug01

Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider

Atlantic.Net, a cloud service provider that specializes in HIPAA-compliant hosting for the healthcare industry, is celebrating its 25th anniversary this year. The company was formed in 1994 as an Internet service provider, but over the years has adapted with the latest technology trends and in 2009 transitioned into cloud services. Over the next 10 years the company further developed its hosting platform and associated services and is now a major cloud services provider with more than 15,000 business clients in over 100 countries. “What started as an ISP in a university dorm has evolved into a leading Cloud Services Provider that our clients have come to rely on for powering their businesses, securing their data, and ensuring compliance and business continuity,” said Atlantic.Net Founder, President, and CEO, Marty Puranik. “By offering optimized Cloud and traditional hosting that protects and scales with our customer’s businesses, we have grown into an international brand with a computing presence in multiple countries. We thank our loyal staff and clients, without whom our success...

Read More
HIPAA Compliance and Cloud Computing Platforms
Jul28

HIPAA Compliance and Cloud Computing Platforms

Before cloud services can be used by healthcare organizations for storing or processing protected health information (PHI) or for creating web-based applications that collect, store, maintain, or transmit PHI, covered entities must ensure the services are secure. Even when a cloud computing platform provider has HIPAA certification, or claims their service is HIPAA-compliant or supports HIPAA compliance, the platform cannot be used in conjunction with ePHI until a risk analysis – See 45 CFR §§ 164.308(a)(1)(ii)(A) – has been performed. A risk analysis is an essential element of HIPAA compliance for cloud computing platforms. After performing a risk analysis, a covered entity must establish risk management policies in relation to the service – 45 CFR §§ 164.308(a)(1)(ii)(B). Any risks identified must be managed and reduced to a reasonable and appropriate level. It would not be possible to perform a comprehensive, HIPAA-compliant risk analysis unless the covered entity fully understands the cloud computing environment and the service being offered by the platform...

Read More
Is Amazon CloudFront HIPAA Compliant?
Jul28

Is Amazon CloudFront HIPAA Compliant?

Is Amazon CloudFront HIPAA compliant and can the web service be used by HIPAA covered entities without violating HIPAA Rules? In this article, we determine whether Amazon CloudFront supports HIPAA compliance or if it should be avoided by HIPAA-covered entities. What is Amazon CloudFront? Amazon CloudFront is a web service that allows users to speed up web content delivery over the Internet and for website hosting. Typically, when a website is accessed, the visitor experiences some latency accessing static and dynamic content. The reason for this is visitors will not make a direct connection to the content, instead they will be routed through a path to reach the server where the content can be accessed. The path can involve many routing points, will inevitably have an impact on the speed at which content can be accessed. By using a content delivery network such as Amazon CloudFront, it is possible to reduce latency and improve reliability and availability of web content. By delivering content via a network of data centers (edge locations), users are routed to the nearest location...

Read More
How to Choose the Right Healthcare Cloud Provider
Jul24

How to Choose the Right Healthcare Cloud Provider

Healthcare organizations often turn to a HIPAA compliant cloud vendor or Managed Service Provider to help them ensure electronic patient records are secured and they are in compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA contains an extensive set of rules for healthcare organizations which were introduced in 1996 to improve privacy and security of patient information, eliminate waste in healthcare, and combat fraud. This legislative act introduced new and legally binding requirements for healthcare providers to secure their systems, improve privacy and security protections, and keep health data private and confidential at all times. The Act and its subsequent updates have served to strengthen privacy protections, give patients new rights, and ensure that all healthcare organizations achieve a minimum standard of data security. It may seem that HIPAA is at odds with cloud computing, but there is nothing in HIPAA legislation that prohibits use of the cloud for sharing or storing patient data. HIPAA covered entities can use cloud platforms and...

Read More
Is IBM Cloud HIPAA Compliant?
Jul23

Is IBM Cloud HIPAA Compliant?

Is IBM Cloud HIPAA compliant? Is the cloud platform suitable for healthcare organizations in the United States to host infrastructure, develop health applications and store files? In this post we assess whether the IBM Cloud supports HIPAA compliance and the platform’s suitability for use by healthcare organizations. IBM offers a cloud platform to help organizations develop their mobile and web services, build native cloud apps, and host their infrastructure along with a wide range of cloud-based services for the capture, analysis, and processing of data. The platform has already been adopted by many healthcare providers, payers, and health plans, and applications and portals have been developed to provide patients with better access to their health information. IBM Cloud Security IBM is a leader in the field of network and data security, and its expertise has meant its cloud platform is highly secure. Security is built into the core of all of the firm’s software and services to ensure that sensitive data remains confidential and cannot be accessed by unauthorized individuals. Its...

Read More
UMC Physicians Discovers Patient Information Was Uploaded to Unapproved and Unsecured Cloud Service
May15

UMC Physicians Discovers Patient Information Was Uploaded to Unapproved and Unsecured Cloud Service

The Lubbock, TX-based medical group UMC Physicians is alerting patients of UMC Southwest Gastroenterology that some of their protected health information has been exposed as a result of errors of judgement by two of its employed providers. Those providers had each set up a Google shared drive which was used to track follow up tasks related to the provision of care to patients. While the shared drives were set up with good intentions and were intended to help improve the care provided to patients, the providers used an unapproved cloud storage solution and patient data was inadvertently stored on an unsecured network. UMC Physicians discovered the policy violation on March 12, 2019 and launched an investigation to determine which patients’ protected health information had been exposed. During the course of that investigation, UMC Physicians determined that one of the providers had also been forwarding emails containing patient information to an unsecured Gmail account. The types of information that had been stored on the unsecured network and emailed to the Gmail account included...

Read More
CRN Names Atlantic.Net 2019 Tech Elite Solution Provider
Apr18

CRN Names Atlantic.Net 2019 Tech Elite Solution Provider

CRN, a brand of The Channel Company, has included HIPAA-compliant hosting solution provider Atlantic.Net in its 2019 Tech Elite 250 list. CRN produces the list each year to honor a very select group of companies in North America who have achieved the highest level and greatest number of certifications from the world’s leading technology suppliers, scaled to the size of the company. In today’s rapidly evolving technology landscape, cloud service companies need to constantly develop new solutions to meet the needs of their clients. To do that, they need to be aware of changing trends and have expert technical knowledge of a broad range of platforms. Companies that possess a broad and extensive knowledge are recognized each year by CRN in its Tech Elite 250 list. CRN assesses the technical knowledge of companies by the level of their technical certifications and the number of advanced technical certifications the companies have earned from the industry’s leading technology providers such as Amazon, VMware, Dell, HPE, Oracle, and Cisco. Inclusion in the Tech Elite 250 list demonstrates...

Read More
AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology
Apr12

AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology

Amazon Web Services’ chief technology officer, Werner Vogels, has been dispelling security myths about cloud computing at the Dublin Tech Summit in Ireland this week. Concerns have been raised about the security of data stored in the cloud, especially following the discovery that 540 million Facebook records had been exposed on AWS: One of several high-profile data breaches that have involved AWS-stored data in the past 12 months. Fears About Compliance and the Cloud Companies required to comply with General Data Protection Regulation (GDPR) must ensure that the personal data of EU citizens is secured and kept private and confidential. Since GDPR came into effect on May 25, 2018, the potential penalties for data exposures have increased significantly. It is therefore understandable that companies are concerned about storing data in the cloud rather than on-premise infrastructure that they feel better able to secure. Germany’s federal commissioner, Ulrich Kelber, spoke before Vogels at the Tech Summit and voiced his concerns about American cloud storage providers, stating that they...

Read More
Atlantic.Net Partnership with Veeam Enhances Data Availability
Dec06

Atlantic.Net Partnership with Veeam Enhances Data Availability

Atlantic.Net, the leading provider of HIPAA-compliant hosting to the healthcare industry, has announced it has entered into a new partnership with Veeam Software. Veeam specializes in providing Intelligent Data Management for the Hyper-Available Enterprise. Businesses are now heavily reliant on data. Without access to critical data, businesses grind to a halt. Even in the event of a natural disaster or cyberattack, systems must be rapidly brought back online, applications restarted, and all data recovered in the shortest possible time frame. Through the new partnership, Atlantic.Net customers will have access to Veeam-powered data protection and data recovery and availability solutions, which can be easily integrated into their business and disaster recovery strategies. The Veeam Availability Suite ensures hyper-availability for all workloads, whether virtual or physical, and all are managed through a single management console. In the event of disaster. Veeam combines replication and backup in a single solution and ensures applications and data can always be recovered. “In addition...

Read More
Atlantic.Net Awarded TMC 2018 Cloud Computing Security Excellence Award
Oct18

Atlantic.Net Awarded TMC 2018 Cloud Computing Security Excellence Award

Atlantic.Net, a leading provider of HIPAA-compliant hosting solutions and associated managed services, has been honored in this year’s TMC’s 2018 Cloud Computing Security Excellence Awards. TMC is an integrated media company that helps global buyers make the right purchasing decisions through the company’s content-driven marketplaces, education efforts, and live events. Each year, TMC recognizes the leading cloud computing companies and issues Excellence Awards to companies that have gone the extra mile and developed cutting edge cloud security services and solutions that offer exceptional protection from an ever-growing number of cybersecurity threats. “Today, the Internet is challenged by an ever-growing number of cyber security threats – including viruses, malware, DDoS, ransomware and more,” said Marty Puranik, CEO of Atlantic.Net.  “Here at Atlantic.Net we pride ourselves on keeping our clients’ data and infrastructure protected to help ensure privacy, security, and compliance.” In addition to its HIPAA-compliant hosting and HIPAA data storage services for the healthcare...

Read More
Atlantic.Net Included in November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations
Oct06

Atlantic.Net Included in November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

HIPAA-compliant hosting company Atlantic.Net has been recognized by Gartner in its November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations. The Market Guide is produced by Gartner Research to help CIOs at Healthcare Delivery Organizations gain a better understanding of the rapidly evolving cloud market and helps them identify notable cloud vendors. The Market Guide explains how the cloud is now a well-established option for healthcare delivery organizations, what security solutions are required for HIPAA compliance, and the key cloud services that will help make the organization’s cloud journey a success. Atlantic.Net is an Orlando, FL-based provider of HIPAA-compliant hosting, cloud hosting, and managed cloud services to the healthcare industry. Established in 1994, the company has grown into a market leader with state-of-the-art data centers throughout the United States and beyond. Atlantic.Net has recently just opened its 7th U.S. data center in Ashburn, VA, through which the full range of cloud and hosting services are now being provided....

Read More
Atlantic.Net Launches VMware-Based Private Cloud Hosting Platform
Aug12

Atlantic.Net Launches VMware-Based Private Cloud Hosting Platform

Atlantic.Net has announced a new collaboration with the enterprise cloud computing and virtualization software giant VMware. VMware is the name behind the software that powers the digital infrastructure of millions of businesses around the world, from SMBs to large enterprises and many Fortune 500 firms. Atlantic.Net is a market-leading hosting provider that specializes in HIPAA-compliant hosting solutions for the healthcare industry and associated managed services. The collaboration has seen Atlantic.Net join the VMware Cloud Provider Program, which will allow the company to deliver a secure, high performance, ultra-flexible VMware-based private cloud hosting platform to its customers. The new platform will bring enterprise-class virtualization technology to the SMBs marketplace, which can be leveraged to improve efficiency and significantly reduce costs. “Now, at Atlantic.Net, we will be able to provide our clients with the ability to choose the best private cloud environment to meet their needs,” said Atlantic.Net Chief Executive Officer and President, Marty Puranik. “Whether...

Read More
Is the Google Cloud Platform HIPAA Compliant?
Jul31

Is the Google Cloud Platform HIPAA Compliant?

Is the Google Cloud Platform HIPAA compliant?  Is the Google Cloud Platform a suitable alternative to Azure and AWS for cloud hosting for healthcare organizations? In this post we determine whether the Google Cloud platform is HIPAA compliant and if it can be used by healthcare organizations to build applications, host infrastructure, and store files containing protected health information. Healthcare organizations are increasingly taking advantage of cloud platforms. The healthcare cloud computing market was valued at $4.65 billion in 2016 and is expected to increase to more than $14.76 billion by 2022. Amazon AWS is still the leading platform with a market share of 62% according to KeyBlanc, with Microsoft Azure second on 20%, but Google is gaining ground, with a market share of around 12%. Amazon and Microsoft both offering platforms that support HIPAA compliance, but what about Google? Is the Google Cloud Platform HIPAA compliant? Will Google Sign a Business Associate Agreement Covering its Cloud Platform? Since the Omnibus Rule came into effect in September 2013, Google has...

Read More
Atlantic.Net Wins 2018 MedTech Breakthrough Award
Jul19

Atlantic.Net Wins 2018 MedTech Breakthrough Award

The MedTech Breakthrough Awards celebrate the companies and individuals in the health, fitness, and medical technology industries that are providing the best digital health and medical technology products and services for the global health and medical market. This year, more than 3,000 nominations for a prestigious MedTech Breakthrough Award were received. Nominees came from 12 countries and included some of the biggest names in healthcare technology, such as Philips, GE Healthcare, Abbott, Azalea Health, and WebMD. To be selected as an award winners with such strong competition demonstrates that a company has gone the extra mile and has developed cutting edge healthcare technology solutions that are much loved by users. The awards reflect the hard work, commitment, innovation, and successes of companies and individuals working across a range of health and medical technologies from robotics to cloud data storage. Awards are issued to individuals, products, services and companies in the categories of clinical and health administration, patient engagement, electronic health records,...

Read More
Atlantic.Net Opens New Northern Virginia Data Center Hosting Facility
Jul17

Atlantic.Net Opens New Northern Virginia Data Center Hosting Facility

Atlantic.Net has announced its new HIPAA data center hosting facility in Northern Virginia is now up and running and the company is now providing the full range of hosting services and solutions through the new facility. In response to demand for its cloud and managed services, Atlantic.Net has invested significant resources to improve its infrastructure and has embarked upon a major expansion of its data center footprint. The new Ashburn, VA data center is one in a string of new facilities that have been set up to meet the needs of the company’s rapidly growing client list. The Ashburn facility is located in Northern Virginia close to Washington D.C., and has historically been a hotbed of innovation. The new facility is protected by 24/7 manned security, state-of-the-art-security systems, biometric access controls, 2N generator power capacity, a N+2 cooling system, and the facility has been audited and has demonstrated compliance with HIPAA, HITECH, and SSAE 18 SOC1 and SOC2. The new data center joins those in New York, Dallas, Toronto, San Francisco, London, and Orlando. The...

Read More
Is Rackspace HIPAA Compliant?
Jun21

Is Rackspace HIPAA Compliant?

The Windcrest, TX-based managed cloud computing company Rackspace offers public cloud and email hosting services, but can they be used by HIPAA-covered entities without violating HIPAA Rules? Is Rackspace HIPAA compliant? Will Rackspace Sign a Business Associate Agreement with HIPAA Covered Entities? Rackspace is aware that by allowing healthcare organizations to use its services, the company is classed as a HIPAA business associate and must agree to comply with the HIPAA Privacy and Security Rules. Rackspace has obtained HITRUST and HITRUST CSF certifications which demonstrate the company meets the data and privacy security standards demanded by HIPAA for managed public, private, and hybrid cloud environments. The company uses extended SSL encryption and meets PCR DSS data security requirements. The company provides assistance to healthcare companies to help them use its services and comply with HIPAA Rules and develop an approach that satisfies HIPAA Rules and meets their business needs. Rackspace will also sign a business associate agreement for its dedicated hosting services,...

Read More
Secure Block Storage (SBS) Now Available for Atlantic.Net Cloud Servers
Jun14

Secure Block Storage (SBS) Now Available for Atlantic.Net Cloud Servers

Atlantic.Net, a leading provider of hosting and hosting services to the healthcare industry, has announced the release of Secure Block Storage (SBS) for its cloud servers. The new feature allows Atlantic.Net customers to attach additional storage drives to their cloud servers and easily scale their workloads. SMS allows customers to increase storage on the fly and move data between cloud servers. For total security, data is automatically encrypted at rest and SMS has been designed to provide 99.999% availability. To protect against data loss due to component failure, volumes are automatically replicated multiple times to ensure data can always be recovered. SBS has been developed to be highly scalable, highly redundant, easily accessible, and easy to use. SBS can be used for file, application, database, or backup storage and is available to all customers on demand. Initially, Atlantic.Net is launching SBS with an initial deal of 50GB of SMB free for one year and a rate of 7.9 cents per additional GB per month. “Here at Atlantic.Net, we remain steadfast in our commitment to...

Read More
Can You Make WordPress HIPAA Compliant?
Mar23

Can You Make WordPress HIPAA Compliant?

WordPress is a convenient content management system that allows websites to be quickly and easily constructed. The platform is popular with businesses, but is it suitable for use in healthcare? Can you make WordPress HIPAA compliant? Before assessing whether it is possible to make WordPress HIPAA compliant, it is worthwhile covering how HIPAA applies to websites. HIPAA and Websites HIPAA does not specifically cover compliance with respect to websites, HIPAA requirements for websites are therefore a little vague. As with any other forms of electronic capture or transmission of ePHI, safeguards must be implemented in line with the HIPAA Security Rule to ensure the confidentiality, integrity, and availability of ePHI. Those requirements apply to all websites, including those developed from scratch or created using an off-the-shelf platform such as WordPress. Websites must incorporate administrative, physical, and technical controls to ensure the confidentiality of any protected health information uploaded to the website or made available through the site. HIPAA-covered entities must...

Read More
Is Liquid Web HIPAA Compliant?
Mar20

Is Liquid Web HIPAA Compliant?

Healthcare organizations searching for a hosting solution may identify Liquid Web as a potential vendor, but is Liquid Web HIPAA compliant? Can its cloud services be used by HIPAA-covered entities for hosting applications and projects that include electronic protected health information? Any healthcare organization that wants to use the cloud to host applications that use the protected health information (PHI) of patients must select a vendor whose service includes safeguards to ensure the confidentiality, integrity, and availability of ePHI that meet the requirements of the HIPAA Security Rule. Cloud service providers, including hosting companies, are classed as business associates since they potentially have access to their clients’ data. While many cloud service providers claim they do not access customers’ data, they are still classed as business associates. HIPAA-covered entities and their business associates must therefore enter into a business associate agreement with the service provider before any ePHI is uploaded to the cloud. Liquid Web Business Associate Agreements...

Read More
Atlantic.Net Achieves SSAE-18  SOC 1 and SOC 2 Certification
Mar15

Atlantic.Net Achieves SSAE-18 SOC 1 and SOC 2 Certification

Atlantic.Net has recently been externally validated per Service Organization Control SSAE 18 SOC 1 and SOC 2 auditing standards and has attained SSAE-18 certification in compliance with AICPA standard principles. Atlantic.Net is one of the first service companies to achieve the certification. To attain certification, Atlantic.Net was audited by the national security and compliance solutions provider, A-Lign. The audit covered organization-wide system controls and how well Atlantic.Net’s controls were designed to achieve the control objectives. The audit also involved tests to determine the operational effectiveness of the controls. The auditor’s report confirmed that Atlantic.net is in full compliance with AICPA Standard Principles and achieved the standard required for certification. “This certification demonstrates the auditor’s confidence in our world class infrastructure, system controls, and our continued mission to deliver excellence to our clients,” said Marty Puranik, CEO of Atlantic.Net. “Authenticating these processes to ensure our clients are provided with consistent,...

Read More
Allscripts Ransomware Attack Impacts Cloud EHR and EPCS Services
Jan22

Allscripts Ransomware Attack Impacts Cloud EHR and EPCS Services

An Allscripts ransomware attack occurred on Thursday January 18, resulting in several of the firm’s applications being taken offline, including its cloud EHR and electronic prescriptions platform. The attack came just a few days after two Indiana hospitals experienced SamSam ransomware attacks. The Allscripts ransomware attack is also believed to have involved a variant of SamSam ransmware – a ransomware family extensively used in attacks on healthcare providers. Allscripts is a popular electronic health record (EHR) system and Electronic Prescriptions for Controlled Substances (EPCS) provider, with its platform used by many U.S healthcare organizations, including 2,500 hospitals and 19,000 post-acute care organizations. More than 180,000 physicians, 100,000 electronic prescribing physicians, and 40,000 in-home clinicians use Allscripts. The Allscripts ransomware attack commenced in the early hours of Thursday morning. Rapid action was taken to remove the ransomware and restore data, with the incident response teams at Microsoft and Cisco called in to assist. An investigation...

Read More
53% of Businesses Have Misconfigured Secure Cloud Storage Services
Oct09

53% of Businesses Have Misconfigured Secure Cloud Storage Services

The healthcare industry has embraced the cloud. Many healthcare organizations now use secure cloud storage services to host web applications or store files containing electronic protected health information (ePHI). However, just because secure cloud storage services are used, it does not mean data breaches will not occur, and neither does it guarantee compliance with HIPAA. Misconfigured secure cloud storage services are leaking sensitive data and many organizations are unaware sensitive information is exposed. A Business Associate Agreement Does Not Guarantee HIPAA Compliance Prior to using any cloud storage service, HIPAA-covered entities must obtain a signed business associate agreement from their service providers. Obtaining a signed, HIPAA-compliant business associate agreement prior to the uploading any ePHI to the cloud is an important element of HIPAA compliance, but a BAA alone will not guarantee compliance. ePHI can easily be exposed if cloud storage services are not configured correctly. As Microsoft explains, “By offering a BAA, Microsoft helps support your HIPAA...

Read More
HITRUST/AMA Launch Initiative to Help Small Healthcare Providers with HIPAA Compliance
Sep27

HITRUST/AMA Launch Initiative to Help Small Healthcare Providers with HIPAA Compliance

HITRUST has announced it has partnered with the American Medical Association (AMA) for a new initiative that will help small healthcare providers with HIPAA compliance, cybersecurity, and cyber risk management. Small healthcare providers can be particularly vulnerable to cyberattacks, as they typically lack the resources to devote to cybersecurity and do not tend to have the budgets available to hire skilled cybersecurity staff. This week has underscored the need for small practices to improve their cybersecurity defenses, with the announcement of two cyberattacks on small healthcare providers by the hacking group TheDarkOverlord. Recent ransomware attacks have also shown that healthcare organizations of all sizes are likely to be attacked. Organizations of all sizes must practice good cyber hygiene and have the right defenses in place to improve resilience against ever changing cyber threats. HITRUST and AMA will be hosting 2-hour workshops where physicians and other healthcare staff will be educated on key areas of risk management, HIPAA compliance, and cybersecurity, with the...

Read More
Atlantic.Net Cloud Platform Automatically Encrypts Data At Rest
Aug30

Atlantic.Net Cloud Platform Automatically Encrypts Data At Rest

Healthcare organizations looking to use the cloud for storing ePHI or hosting applications that interact with ePHI require world-class hosting services with top grade security. To further meet the needs of healthcare clients, Atlantic.Net has implemented a cloud platform that automatically encrypts all customer data at rest for maximum protection against unauthorized data access. World-class encryption mechanisms are used to encrypt data at the storage layer. For ease of use, the encryption takes place in a transparent manner and requires no configuration to reduce the potential for user error. The default encryption setting is part of Atlantic.Net’s ongoing efforts to ensure the privacy of all customer data. Atlantic.Net believes customer privacy is paramount, and a security setting as important as encryption should not be an optional or add-on feature. Encryption is provided to all customers free of charge. Prior to being written to disk, all data is encrypted using the Advanced Encryption Standard 256-bit (AES-256) cipher. AES256 is the only cipher approved by the NSA for...

Read More
Is Dropbox HIPAA Compliant?
Jul14

Is Dropbox HIPAA Compliant?

Healthcare organizations can benefit from using Dropbox, but is Dropbox HIPAA compliant? Can the service be used to store and share protected health information? Is Dropbox HIPAA Compliant? Dropbox is a popular file hosting service used by many organizations to share files, but what about protected health information? Is Dropbox HIPAA compliant? Dropbox claims it now supports HIPAA and HITECH Act compliance but that does not mean Dropbox is HIPAA compliant. No software or file sharing platform can be HIPAA compliant as it depends on how the software or platform is used. That said, healthcare organizations can use Dropbox to share or store files containing protected health information without violating HIPAA Rules. The Health Insurance Portability and Accountability Act requires covered entities to enter into a business associate agreement (BAA) with an entity before any protected health information (PHI) is shared. Dropbox is classed as a business associate so a BAA is required. Dropbox will sign a business associate agreement with HIPAA-covered entities. To avoid a HIPAA...

Read More
Palo Alto Networks Launches New Cloud-Based Security Service for Mobile Users
Jun14

Palo Alto Networks Launches New Cloud-Based Security Service for Mobile Users

Palo Alto Networks has launched a new cloud-based security service that can be used to protect remote locations and users of mobile devices via the Palo Alto Networks Next-Generation Security Platform and apply security controls such as URL Filtering and Threat Prevention. Many businesses operate across multiple locations and have a highly distributed workforce. The new Palo Alto Networks GlobalProtect cloud service makes it easier for businesses to secure remote networks and protect mobile users without backhauling traffic to the corporate network or using multiple point products. The new Palo Alto Networks GlobalProtect cloud service protects all employees via the Palo Alto Networks Next-Generation Security Platform, regardless of where they are located. The GlobalProtect cloud service allows administrators to easily add new locations and mobile workers and implement and update security policies as required. The service is always on and kept up to date and helps organizations ensure consistent security for the entire organization, regardless of location or the devices used. With...

Read More
Healthcare Providers Are Wasting Millions on Cloud Hosting
Apr12

Healthcare Providers Are Wasting Millions on Cloud Hosting

A study by Communications for Research showed that healthcare organizations are now spending $40 billion a year on IT programs, while MarketsandMarkets research indicates $3.73 billion of that budget is spent on cloud services. By 2020, cloud spending is expected to triple and reach $9.5 billion. MedGadget healthcare market research suggests there will be a 21.95 percent CAGR for spending on cloud computing by the healthcare industry by 2019. More and more healthcare organizations are seeing the benefits that can be gained from switching to cloud computing, especially as a way of reducing IT spending. The public cloud is elastic and capacity can be increased or decreased on demand, but the reality is most organizations use of the cloud involves considerable wastage. Organizations are paying for the public cloud and are ensuring their instances have sufficient capacity, yet for a lot of the time much of the capacity that is paid for is redundant. The 2017 Rightscale State of the Cloud Report suggests 46% of enterprises are carefully monitoring cloud use and are rightsizing their...

Read More
Atlantic.Net Customers Enjoy 100x Speed Boost with New SSD Cloud VPS Hosting Platform
Mar18

Atlantic.Net Customers Enjoy 100x Speed Boost with New SSD Cloud VPS Hosting Platform

Atlantic.Net has announced its new SSD Cloud VPS Hosting Platform has now been made available to new and existing customers. Atlantic.Net’s world-class cloud VPS hosting solutions are a popular choice with SMBs and the company has been enjoying sustained growth, particularly in the healthcare and e-commerce sectors. Customers also now have increasing performance requirements and need greater speeds and faster data access. In order to continue to meet customers’ needs, Atlantic.Net invested significantly in new hardware and has now implemented the new solid state drives for its VPS hosting platform. The upgrade is likely to be noticed by existing customers. The new enterprise Solid State Drives are a significant advance on the previous storage hardware and are capable of 100x faster read and write speeds. Customers are most likely to notice the difference in their start up times, which will be considerably faster, and there will be noticeable improvements due to the enhancements to random access time, data transfer rate, and read performance. “Our customer’s ever increasing...

Read More
OCR Warns Covered Entities of Risk of DDoS Attacks
Dec08

OCR Warns Covered Entities of Risk of DDoS Attacks

There has been a surge in Distributed Denial of Service (DDoS) and Denial of Service (DOS) attacks over the past few weeks. The attacks involve flooding systems with information and requests to cause those systems to crash. The attacks have resulted in large sections of the Internet being taken offline, email systems have crashed, and other computer equipment taken out of action. DDoS attacks on healthcare organizations could prevent patients from accessing web services such as patient portals during an attack, but they can also prevent healthcare employees from accessing systems that are critical for healthcare operations. EHRs, payroll systems, or even software-based medical equipment such as drug infusion pumps and MRIs can potentially be taken out of action. Not only do DDoS attacks prevent these systems from being accessed, they can also result in substantial hardware damage and the cost of repair can be considerable. The scale of the recent attacks has been astonishing. Whereas last year, DDoS attacks of the order of 300 Gbps something of a rarity, this year we have seen...

Read More
69% of IT Security Pros Concerned About Unauthorized Cloud Data Access
Nov17

69% of IT Security Pros Concerned About Unauthorized Cloud Data Access

The adoption of cloud services continues to increase, with 68% of organizations now using at least one cloud service, up from 43% last year. However, the security of data stored in the cloud is still a major concern, according to the second annual Cloud Security Report from Netwrix. For the global Cloud Security Report, Netwrix surveyed 660 companies spread across more than 30 industries. The research shows that while cloud service providers are committing more resources to protecting their infrastructure and customers’ data, they are struggling to convince IT security professionals that adequate protections have been put in place. 7 out of 10 organizations expressed concern about the privacy and security of cloud technology and fewer than half of organizations (44%) that use cloud services believed adequate protections had been implemented by their cloud service providers. The biggest concern was unauthorized data access by employees and third parties. 69% of respondents expressed concern about unauthorized access. The other two main concerns were malware and Denial of Service...

Read More
Extent of Unauthorized Cloud Service Usage by Employees Uncovered
Jun29

Extent of Unauthorized Cloud Service Usage by Employees Uncovered

How many cloud services is your organization using? According to a new report, if the figure is under 928 – the average number of cloud services used by healthcare providers – you may be underestimating the extent to which employees are using the cloud. The data suggest employees are breaching security policies by using cloud services that lack the necessary security controls. If the data collected is representative of the healthcare industry as a whole, HIPAA violations are being committed on a daily, if not hourly basis by healthcare professionals. Benefits of HIPAA-Compliant Cloud Services   There are a number of advantages to be gained from using cloud services. Healthcare providers and other HIPAA-covered entities can cut IT equipment and maintenance costs by hosting data in the cloud. Leveraging cloud services can also improve productivity, and speed up accessing and logging of patient data. A number of healthcare providers have been able to improve patient health outcomes by making use of cloud services. Security Risks Being Taken by Employees   Skyhigh Networks...

Read More
Atlantic.Net Opens NYC Cloud Hosting Center
May04

Atlantic.Net Opens NYC Cloud Hosting Center

Atlantic.Net has continued its expansion by opening a fifth HIPAA cloud data center in New York City (NYC). The NYC data center is now fully operational and the full compliment of Atlantic.Net hosting and cloud hosting services are now being provided through the facility. The company’s infrastructure, owned by Telx, has been growing rapidly in response to increasing demand. The new data center was established to accommodate the growing demand for fast, secure hosting and data storage due to the number of New York startups and the thriving developer communities. Given the target market, it is no surprise that the NYC cloud center has been developed to cater to the needs to the developer community. Atlantic.Net has incorporated developer-friendly features to eliminate unnecessary complexity and ensure the fastest possible deployments. The new features include a host of one-click apps, such as WordPress, Django, LAMP, LEMP, Docker, and Node.js and customers will benefit from superior network speeds. The new data center is located in a seven-story, 179,000 square foot facility in close...

Read More
A-Lign Auditors Confirm Atlantic.Net Hosting Service is HIPAA-Compliant
Apr14

A-Lign Auditors Confirm Atlantic.Net Hosting Service is HIPAA-Compliant

Atlantic.Net has announced it has been verified by a third party as fully compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Rules and fully meets its responsibilities as a business associate of HIPAA-covered entities. Atlantic.Net has developed a HIPAA-compliant hosting platform for the healthcare industry. The platform incorporates a range of technical safeguards to ensure that its customers’ data remains 100% secure at all times and protected against unauthorized access. To ensure that all provisions of HIPAA had been satisfied, Atlantic.net engaged the third-party, full-service security, assurance, and compliance solutions firm A-lign to conduct a compliance audit to assess Atlantic.Net controls and safeguards against the HIPAA Security Rule. “Our audit finds Atlantic.Net is in full compliance with the relevant controls and meets all HIPAA compliance standards and requirements for physical and environmental controls, and the management oversight of the environment,” said Gene Geiger, Partner, A-lign. The Orlando-based hosting...

Read More
Cloud Security Adoption: Healthcare and Pharmaceutical Lead the Way
Mar31

Cloud Security Adoption: Healthcare and Pharmaceutical Lead the Way

When it comes to Cloud Security adoption, the healthcare and pharmaceutical industries lead the way according to a recent survey by CipherCloud, an industry leading provider of secure cloud services. Both industries are required to implement safeguards – under the Health Insurance Portability and Accountability Act (HIPAA) – to ensure that Protected Health Information is kept private and confidential, which according to the report is the reason why cloud security adoption is so important and uptake has been so high in these industries. Healthcare and pharmaceuticals have been grouped together in the report, and account for 38% of companies which have chosen to store data securely in the cloud. The banking and finance industry is second, accounting for 25% of companies, with telecommunications third (16%) and the Government in fourth spot (9%). HIPAA does not demand that PHI is encrypted while at rest, although data encryption is an addressable area. If covered-organizations decide not to encrypt data, they must document the reasons why, along with the alternative safeguards...

Read More
AIS Network Announces Launch of HIPAA Compliant Secure Cloud Services
Feb16

AIS Network Announces Launch of HIPAA Compliant Secure Cloud Services

AIS Network has announced the launch of a range of managed High Security Private Cloud services which are fully HIPAA-compliant, and have been developed to offer the highest levels of security as required by the healthcare sector. The company’s new range of services is fully compliant with HIPAA, HITECH, PCI and FISMA, and has been developed specifically for highly regulated industries. Many healthcare providers are reluctant to outsource their IT services, in particular if they require contact with highly sensitive data. Outsourcing payment and patient portals and data storage can increase the risk of committing HIPAA-violations. In order for healthcare providers to make the switch to managed cloud services they must be confident that the service provider they choose understands healthcare regulations and can guarantee 100% HIPAA compliance. Few providers are prepared to give such a guarantee. AIS Network provides a solution with a suite of compliant High Security Cloud Services built on the Microsoft Cloud Platform. This ensures easy integration with existing healthcare...

Read More
Outsourcing IT to HIPAA Compliant Data Centers is a Viable Solution
Dec08

Outsourcing IT to HIPAA Compliant Data Centers is a Viable Solution

Healthcare organizations are facing an increasing financial and logistical burden as a result of stricter HIPAA privacy and security rules. Additionally, as the volume of electronic data increases, healthcare organizations must allocate extra resources to their IT departments to ensure that the data is protected and IT systems are made more robust. Most healthcare centers operate with strict budgets and often there are insufficient funds to develop the necessary IT infrastructure to ensure HIPAA compliance; however with audits being conducted by the Office for Civil Rights, doing nothing is not an option. Heavy fines are being issued for each instance of non-compliance found by the OCR which are far in excess of the cost of upgrading current systems. In order to comply with current regulations, healthcare organizations must either invest in their IT departments and upgrade their existing data centers, or if this is not viable, construct new data centers and incorporate the latest technology, hardware and software to ensure the ePHI of patients is properly protected. There is also a...

Read More
Government Conference Highlights Importance of HIPAA Compliance
Sep25

Government Conference Highlights Importance of HIPAA Compliance

This September the Government held the 7th annual conference, Safeguarding Health Information: Building Assurance Through HIPAA Security, in Washington, D.C. The conference was co-hosted by the National Institute of Standards and Technology (NIST), the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS). One of the main aims of the conference was to highlight the current state of health information management and to explore the use of information technology in healthcare while ensuring Health Insurance Portability and Accountability Act (HIPAA) compliance. Practical advice and strategies were also provided to streamline implementation of the HIPPA Security Rule. The HIPPA Security Rule was introduced to set a standard to protect the privacy and confidentiality of patients’ health information. Healthcare organizations and other HIPAA covered entities are required implement appropriate safeguards to protect electronic health information during storage and transit. Appropriate technical, administrative and physical safeguards must be employed to prevent...

Read More
Cloud Service Providers Must Comply with HIPAA Regulations
Aug20

Cloud Service Providers Must Comply with HIPAA Regulations

The growing data storage demands placed on healthcare organizations require frequent hardware updates and increasing amounts of space dedicated to servers and IT staff must be employed to manage hardware, update software and maintain networks. Many healthcare companies lack the space or resources to securely store data and outsource their data storage to cloud service providers. The recently introduced HIPAA Omnibus Rule – often referred to as the Megarule due to its extensive changes to existing legislation – updates the Health Insurance Portability and Accountability Act (1996) expanding its reach to include business associates of healthcare companies and their subcontractors. In order to do business in the healthcare sector, IT and data storage companies must now comply with HIPAA regulations and sign a business agreement with the healthcare provide for whom they are providing the service. In the case of cloud hosting companies it is clear that HIPAA regulations apply as the companies are required to store Protected Health Information, even if the data is not actually viewed....

Read More
Cloud Service Providers Must Become HIPAA Compliant
Jul09

Cloud Service Providers Must Become HIPAA Compliant

On 26th March, 2013 the Omnibus Final Rule of the Health Insurance Portability and Accountability Act came into effect, after a long period of amendments and adjustments. The main purpose of the new legislation is to adjust the HIPAA Privacy and Security Rules and breach notification rules, with this major amendment often referred to as “The HIPAA Mega Rule”. The new rules apply to all HIPAA covered entities and the Department of Health and Human Services will be enforcing the rules; its Office for Civil Rights is due to commence a serious of random audits to check for compliance later this year. The new rules apply not only to healthcare organizations but also their business associates. Under the final rule the definition of business associate has also been changed, and now includes any provider of a service that has contact with electronic protected health information (ePHI). Specifically this means any entity that “creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity”, and they must now agree to abide by the HIPAA Omnibus...

Read More