HIPAA Vault is a San Marcos, CA-based provider of HIPAA compliant hosting solutions and secure encrypted email for healthcare providers, business organizations, and government agencies. The company’s solutions incorporate advanced security features to mitigate cyber threats and security vulnerabilities and ensure electronic protected health information remains private and always available.
The company was formed in 1997 by CEO Gil Vidals to provide healthcare organizations with secure, reliable, and affordable hosting services, backed up with world-class customer service and technical support.
HIPAA Vault has grown into a world-class secure cloud provider and boasts a myriad of clients, from small single-physician practices, medical offices, and health clinics to large enterprises such as Deloitte and Northrop Grumman.
HIPAA Vault is committed to providing an exceptional service and continuously invests in the latest technologies and techniques to ensure maximum efficiency and continued compliance, from containers and Kubernetes for infrastructure management and scaling to log management and vulnerability assessment scanning.
HIPAA-Compliant Data Centers
HIPAA Vault has best-in-class secure data centers in multiple geographic locations including San Diego, CA and Phoenix, AZ. All data centers have been SSAE 16 certified and feature carrier-neutral Internet connectivity.
Data centers feature cutting-edge technology with connectivity via redundant OC-48s linked to Cisco 15454 SONET MPPs for the highest levels of uptime, with the OC-48 connections providing access to hundreds of fiber networks and carriers.
All data centers are protected to the highest industry standards with extensive technical safeguards and physical security measures to prevent unauthorized access to data and hardware.
HIPAA Vault has undergone a 3rd-party audit with Compliancy Group, which provides one of the most recognized and rigorous HIPAA auditing programs. Compliancy Group’s audit verified HIPAA Vault is fully compliant with the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules, and all requirements of the HITECH Act. The audit also confirmed that HIPAA Vault has implemented an effective, ongoing HIPAA compliance program involving continuous verification of policies and procedures with regular updates to ensure complete compliance.
All customers are provided with a mechanism to independently verify that their health data is fully compliant with HIPAA cloud standards through the HIPAA Vault HIPAA Cloud Compliance Program.
HIPAA Vault has also been independently verified as compliant with NIST (800-53), SOC 1, SOC 2, and SOC 3, and participates in HUBZone, SBA 8(a), Certified Small Disadvantaged Business, and DBE programs and is GSA certified.
HIPAA Hosting Solutions
Healthcare organizations that transition to the cloud can eliminate capital expenditures and reduce ongoing IT management and maintenance costs, freeing up resources to allow them to focus on providing care for patients. By choosing a HIPAA-compliant cloud service provider they can be certain that their sensitive data is 100% secure and they are fully compliant with the requirements of HIPAA.
HIPAA Vault offers HIPAA compliant Linux and Windows hosting with the packages offering 6 CPUs, 18.75 GB RAM and 80 GB SSD (Linux) and 125 GB storage (Windows).
All HIPAA compliant hosting plans include ePHI encryption, BC/DR, 2-factor authentication, managed firewall rules, IDS &IPS, AV protection, password management, custom IP reputation, host intrusion detection systems, web application firewalls, vulnerability testing multi-tenant isolation, server hardening, logging, anti-DDoS management, SSL certificates & management, bootless kernel updates, system monitoring, Security Information and Event Management (SIEM), and onsite and offsite backups.
All clients benefit from 24/7/365 support and technical assistance from a highly skilled team of engineers and system administrators, who are happy to provide assistance at all hours, whether that is providing answers to general hosting questions or giving technical advice on advanced firewall configurations and system monitoring.
HIPAA Compliant Email
HIPAA Vault offers HIPAA compliant encrypted email for Outlook Office 365 and Google G-Suite Gmail.
HIPAA Vault’s HIPAA Compliant Email for Outlook Office 365 can be seamlessly integrated into existing email infrastructure and simplifies the encryption of email to prevent the interception of ePHI in transit to comply with the requirements of the HIPAA Security Rule.
The solution provides end-to-end encryption from inbox to inbox, giving customers full confidence that only the intended recipients can view the contents of email communications. No clients are required and recipients can access a decrypted copy of their emails by simply signing into their Outlook Office 365 account. Email retention policies can be set through Exchange Online Archiving to meet email retention requirements and through integration with Azure Information Protection, data can be labelled for auditing purposes and data loss prevention.
HIPAA Vault has entered into a Business Associate Agreement (BAA) with Google and offers enterprise-class HIPAA compliant email for G-Suite email. HIPAA Vault’s Gmail solution uses Virtru’s advanced encryption technology for emails and attachments containing ePHI and features end-to-end encryption to protect against unauthorized ePHI access. The solution includes on-premises, customer-managed encryption keys, data leak policy management, SIEM integration, and granular reporting.
HIPAA Compliant WordPress
WordPress is a popular content management system used by many healthcare organizations and HIPAA-business associates; however, out of the box WordPress is not HIPAA compliant and is not suitable for the collection, storage, and transfer of ePHI.
To allow healthcare providers to enjoy the benefits of WordPress, HIPAA Vault created a fully managed, HIPAA compliant WordPress hosting package for healthcare professionals that includes migration services to transfer existing web content to WordPress and a choice of medical WordPress themes for healthcare websites.
The package includes installation, configuration, optimization, establishing permissions, 2-factor authentication, automatic updates of MySQL, PHP and WordPress, Apache server configuration, password management, logging and monitoring of all activity involving ePHI, configuration of sFTP for secure updates, and malware scanning. The solution provides total peace of mind that ePHI is secure and the WordPress site is fully compliant.
Customers also benefit from HIPAA Vault’s industry-leading customer 24/7/365 customer service with a 15-minute response time and 90% first call resolution.
“I am really pleased with HIPAA Vault! The HIPAA Vault – secure email is essential for my job as a mental health therapist and I think the structure is clean and easy to use. The sales and customer support teams are also incredible. I never felt pressured to purchase the service from sales, but rather I was offered appropriate information so I could make a decision that best fit the needs of my practice. Regarding customer service, when I sought clarification (many times!) over a particular concern I had, they came to my rescue by patiently explaining both what caused the problem and offered appropriate solutions with an impressive response time. I highly recommend HIPAA Vault for HIPAA-compliant email service!” Sarah Harrier, MS LMFT.
The team at HIPAA Vault are consummate professionals. They perform for us just like they were on our payroll – which is what you want and need from your frontline protection against the bad actors out there. And they gave us the same support when we were just starting out as they do now that we are 10 times the size! Their service is top notch.” Brian Cafferty, CEO.
“Making the right decision when choosing a HIPAA compliant partner is critical to an organization’s success, and the clear benefits of HIPAA Vault makes them the obvious choice. Their expertise and understanding of my particular needs allow me to be confident in their services; from proper system design to compliance checks and monitoring – allowing me to focus on reaching business goals and further growth.” Matthew F. Fox, Creative Director.