HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Is Rackspace HIPAA Compliant?

The Windcrest, TX-based managed cloud computing company Rackspace offers public cloud and email hosting services, but can they be used by HIPAA-covered entities without violating HIPAA Rules? Is Rackspace HIPAA compliant?

Will Rackspace Sign a Business Associate Agreement with HIPAA Covered Entities?

Rackspace is aware that by allowing healthcare organizations to use its services, the company is classed as a HIPAA business associate and must agree to comply with the HIPAA Privacy and Security Rules.

Rackspace has obtained HITRUST and HITRUST CSF certifications which demonstrate the company meets the data and privacy security standards demanded by HIPAA for managed public, private, and hybrid cloud environments. The company uses extended SSL encryption and meets PCR DSS data security requirements.

The company provides assistance to healthcare companies to help them use its services and comply with HIPAA Rules and develop an approach that satisfies HIPAA Rules and meets their business needs.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Rackspace will also sign a business associate agreement for its dedicated hosting services, which is included by default for customers in the healthcare industry.

Is Rackspace HIPAA Compliant?

Rackspace is prepared to sign a business associate agreement with healthcare organizations and has implemented all the necessary safeguards to ensure that its hosting services can be used by healthcare organizations without violating HIPAA Rules.

Rackspace can therefore be considered to be a HIPAA complaint hosting company, provided customers use its dedicated hosting services and obtain a business associate agreement prior to using its hosting services in connection with any PHI.

However, it is the responsibility of all users to ensure that the hosting services are configured correctly. Rackspace cannot determine whether its customers are using its services in a manner that complies with HIPAA Rules.

Covered entities must take full responsibility for ensuring the requirements of HIPAA are satisfied and appropriate safeguards are maintained.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.