HIPAA Compliant Hosting
More and more healthcare organizations are turning to HIPAA-compliant hosting companies to help them complete their digital transformations and move their IT infrastructure, data, and applications to the cloud.
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996 at a time when the Internet was still in its infancy and healthcare organizations were recording patient information on paper. It could not have been predicted how technology would progress and how IT practices would change over the next two decades, so the legislation has been kept technology neutral.
Cloud computing is not specifically mentioned in the HIPAA text, but it is covered by the HIPAA Privacy and Security Rules and there are restrictions placed on the use of cloud services in connection with protected health information (PHI).
HIPAA does not prohibit healthcare organizations from moving patient information from secure, internal IT environments to public or private cloud platforms, provided the service provider signs a business associate agreement, agrees to implement safeguards that ensure the privacy and security of health information, and complies with all applicable provisions of the HIPAA Rules.
HIPAA Hosting Companies and HIPAA Compliance Certification
One of the problems healthcare organizations face when selecting a vendor is there is no official HIPAA certification program that guarantees a service or company is in compliance with HIPAA Rules.
Third-party audits and assessments can be performed by HIPAA specialists, but they only provide a snapshot of compliance at a particular moment in time. It is for this reason that there is no official HIPAA compliance certification body.
HIPAA compliance certification may not be officially recognized, but it does show a vendor’s commitment to compliance and provides healthcare organizations with reassurance that the platform is secure and incorporates the safeguards and controls needed to support HIPAA compliance.
SOC 2 Type I and Type II certifications are not a requirement for HIPAA hosting providers, although they demonstrate that vendors have proven their systems were designed to keep all client data secured.
Key Features of HIPAA-Compliant Cloud Hosting
To help you choose a suitable HIPAA hosting provider, we have compiled a list of the most important features of HIPAA-compliant hosting platforms to look for when selecting a provider whose service will be used in connection with PHI.
A HIPAA-compliant cloud hosting environment should include:
- A robust firewall and intrusion prevention system
- Encrypted VPNs for securely connecting to the cloud to access, upload, or download PHI
- Robust encryption for data at rest
- Strong authentication controls including multi-factor authentication
- Event log management to maintain an audit trail
- Reliable data backups, offsite backup storage, and data recovery assistance
- 100% server availability and reliability, ideally with a 100% server uptime SLA
- Data stored in HIPAA-compliant data centers
Third-party HIPAA/HITECH assessments and audits are a good guide as to which hosting companies are in compliance with HIPAA. The hosting provider must also be prepared to sign a business associate agreement (BAA) covering all products and services that will be used in connection with PHI.
HIPAA-Compliant WordPress Hosting
WordPress is a popular CMS for creating and managing website content, and it is extensively used in healthcare. If a WordPress website interacts with anyone’s PHI, a range of privacy and security features is required to meet HIPAA requirements. The website must also be hosted with a HIPAA-compliant hosting company.
HIPAA-Compliant Database Hosting
The reliability of today’s cloud platforms means healthcare organizations can reduce costs by migrating their databases to the cloud, while continuing to enjoy 100% uptime and superb performance. Third-party platform providers take care of many aspects of security, reducing the administrative burden of database management.
HIPAA-Compliant Cloud Storage
Healthcare organizations are not limited to on-premises solutions for storing patient data. HIPAA-compliant cloud storage platforms provide an equivalent level of security as on-premises servers, but at a fraction of the cost.
HIPAA-compliant cloud storage services are available that offer total protection for stored data, with robust access controls and strong encryption for data at rest and in transit to and from the storage server.
HIPAA-Compliant Data Centers
Healthcare organizations that outsource their on-premises data centers can enjoy considerable cost savings while improving privacy protections for patients. HIPAA-compliant data centers store information remotely on high-performance secure servers with guaranteed uptime to ensure health data is always available to providers.
HIPAA-Compliant Disaster Recovery
In the event of a disaster, getting systems back online and restoring data access quickly are critical. Hosting providers offer a range of data backup and disaster recovery services to ensure cloud workloads are protected and data can always be recovered.
HIPAA-Compliant Managed Services
HIPAA hosting companies typically offer a range of managed services to healthcare organizations, from consultancy services and cloud migration assistance to enhanced security and virtual IT department services.