HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA Hosting Providers

Healthcare organizations bound by Health Insurance Portability and Accountability Act (HIPAA) Rules must only use HIPAA hosting providers for their websites and cloud-based applications if they collect, process, receive, store, or transmit electronic protected health information (ePHI).

The responsibility for ensuring the confidentiality, integrity, and availability of ePHI is shared between the cloud platform provider and the covered entity. Even if a hosting company does not access any client information, it is still classed as a business associate and is required to implement physical, technical, and administrative safeguards to ensure any ePHI stored on its cloud servers is secured.

It is the responsibility of the covered entity to make sure that security measures such as access controls are applied, event logs are regularly checked for signs of unauthorized activity, and all provisions of the HIPAA Privacy and Security Rules are being adhered to.

Prior to using any cloud service in conjunction with ePHI, a signed business associate agreement (BAA) must be obtained from your chosen HIPAA hosting provider. BAAs provides assurances that HIPAA hosting providers are committed to complying with HIPAA Rules, will report any security breaches involving ePHI to the covered entity, and liability for compliance failures is accepted.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

HIPAA-Complaint Hosting Companies

Searching for suitable HIPAA hosting providers can be a time-consuming process. To help you find the best HIPAA hosting providers that have platforms and services that meet your needs we have listed the leading HIPAA-compliant hosting companies below. These companies offer HIPAA hosting services and are willing to sign a BAA and work with healthcare companies and their business associates.


Altantic offers a range of HIPAA-compliant hosting solutions for healthcare organizations including dedicated Windows and Linux hosting packages, secure cloud hosting packages, MSSQL, MySQL, and PostgreSQL database hosting, and WordPress hosting. Atlantic.Net has 7 U.S data centers and all hosting solutions include a 100% power and network uptime guarantee. Services include managed server hosting, Veeam backup agents, network edge/DDoS protection, server management, MFA, firewall and intrusion detection services, and consulting.



RackSpace offers a range of hosting services, although healthcare organizations should note that the company will only sign business associate agreements for its dedicated hosting services. The dedicated hosting solution is a HITRUST CSF-certified bare-metal HIPAA-ready private cloud in a state-of-the-art secure data center. The dedicated HIPAA hosting solutions includes an SLA with a 100% power and network uptime guarantee.



Connectria offers a range of HIPAA-compliant hosting solutions for healthcare organizations, including high-performance dedicated private clouds and HIPAA-compliant pubic clouds, with support provided for AWS, Azure, and the Google Cloud platform. Connectria’s HyperCare service, which includes the TriA Cloud Management platform, help’s healthcare organizations meet their compliance objectives. Connectria’s in-house HIPAA experts are on hand to help with internal compliance assessments and provide support in the event of an OCR compliance audit.


Liquid Web

Liquid Web offers two pre-configured HIPAA hosting solutions within wholly owned data centers, on fully managed servers and high availability infrastructure. Cloud VPS hosting is offered on managed virtual private servers and single tenant dedicated servers running Linux or Windows are available with real-time monitoring and a 100% network and uptime guarantee. Custom hosting solutions are offered if the above solutions do not meet an organization’s needs. Liquid Web’s core offerings also include backup management and managed security services.



TrueVault offers a different service to most HIPAA hosting providers which simplifies HIPAA compliance in the cloud. The company does not provide a platform for hosting websites and applications, instead the company has developed secure storage for PII and PHI. TrueVault’s RESTful API is used to store and search healthcare data, which is retained within TrueVault’s environment. TrueVault has implemented physical and technical safeguards for its AWS-based storage solution to ensure compliance with HIPAA and the company accepts liability for all PHI stored on its platform and offers a privacy and data breach insurance policy.



Otava – formerly Online Tech – provides a range of hybrid cloud hosting and data protection services for healthcare organizations. The company was one of the first cloud service providers to offer HIPAA-compliant clouds in 2011. The company offers public and private cloud hosting, in addition to a workplace-as-a-service solution, cloud backup-as-a-service, and disaster recovery-as-a-service. Additional services include digital transformation assessments, cloud migration services, remote managing and monitoring, and database services.



iland offers a range of cloud hosting services for healthcare organizations including infrastructure-as-a-service (IaaS), backup-as-a-service (BaaS), and disaster recovery-as-a-service (DRaaS). The IAAS offering is built on the VMware vCloud and Cisco Powered technology and supports a wide range of workloads and incorporates backup-as-a-service and secure disaster recovery-as-a-service. In-house HIPAA compliance experts are available to provide audit and compliance support.