Share this article on:
The Windcrest, TX-based managed cloud computing company Rackspace offers public cloud and email hosting services, but can they be used by HIPAA-covered entities without violating HIPAA Rules? Is Rackspace HIPAA compliant?
Will Rackspace Sign a Business Associate Agreement with HIPAA Covered Entities?
Rackspace is aware that by allowing healthcare organizations to use its services, the company is classed as a HIPAA business associate and must agree to comply with the HIPAA Privacy and Security Rules.
Rackspace has obtained HITRUST and HITRUST CSF certifications which demonstrate the company meets the data and privacy security standards demanded by HIPAA for managed public, private, and hybrid cloud environments. The company uses extended SSL encryption and meets PCR DSS data security requirements.
The company provides assistance to healthcare companies to help them use its services and comply with HIPAA Rules and develop an approach that satisfies HIPAA Rules and meets their business needs.
Rackspace will also sign a business associate agreement for its dedicated hosting services, which is included by default for customers in the healthcare industry.
Is Rackspace HIPAA Compliant?
Rackspace is prepared to sign a business associate agreement with healthcare organizations and has implemented all the necessary safeguards to ensure that its hosting services can be used by healthcare organizations without violating HIPAA Rules.
Rackspace can therefore be considered to be a HIPAA complaint hosting company, provided customers use its dedicated hosting services and obtain a business associate agreement prior to using its hosting services in connection with any PHI.
However, it is the responsibility of all users to ensure that the hosting services are configured correctly. Rackspace cannot determine whether its customers are using its services in a manner that complies with HIPAA Rules.
Covered entities must take full responsibility for ensuring the requirements of HIPAA are satisfied and appropriate safeguards are maintained.