HIPAA Compliant Web Hosting
|

HIPAA Compliant Cloud Web Hosting

The Health Insurance Portability and Accountability Act (or HIPAA) passed in 1996 made it so that those who interact with personal health records are responsible for following the standards published by the Secretary of Health and Human Services in relation to the privacy and security of health-related information. Those standards include the electronic exchange of health records.

Healthcare providers have increasingly moved their records and related applications outside of their intranet and into the cloud for many reasons, including th

In order for a hosting company’s services to be considered HIPAA compliant, they must pass the items in the following checklist.

LiquidWeb is a certified HIPAA web hosting company, one of a few web hosts who will sign a Business Associate Agreement (BAA) with their clients who need to be HIPAA compliant.

Liquid Web Storm VPS

HIPAA Compliant Hosting Checklist

  • The host must be willing and able to sign a Business Associate Agreement (BAA)
  • On-site support must be provided around the clock: 24/7/365
  • The hosts core data centers must be wholly owned by the host, not rented or co-owned.
  • The servers must be Fully Managed, meaning they are in an isolated hosting environment in which the hosting provider handles the setup, administration, and support of the web hosting services.
  • The server cabinets (where the servers are physically kept) must be secured.
  • The host must use a high availability infrastructure, meaning that it is designed to operate continuously, with safeguards in place to prevent failure.
  • There must be a hardware firewall installed and configured.
  • Data At-Rest Encryption (DARE) must be used by the host to secure data that is in databases, file systems, and other forms of data that is not being moved across a network.
  • Administrative and physical safeguards must be in place as directed by the HIPAA regulations and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.

Business Associate Agreement (BAA)

A Business Associate Agreement must be in place between the web host and the customer who’s storing data in the host’s data center and transferring that data to and from the data center through their network.

The Business Associate Agreement formally allows the hosting company to be an “associate” of the HIPAA-restricted customer (referred to as the “Covered Entity” in the BAA) for the purpose of handling data that is considered protected health information.

The Business Associate Agreement outlines the duties of the host with regard to the protected health information that is being managed by them. The details listed in the checklist above are typically spelled out in the Business Associate Agreement.

HIPAA Compliant Web Hosts

Because of how complicated and intensive the HIPAA requirements are, most web hosting companies are not HIPAA compliant. Many of those web hosts who are not HIPAA compliant will actually have a section of their terms of service language that forbids using their web hosting services for storing protected health information as defined by HIPAA.

Among the thousands of web hosts that exist, only a small fraction of them are HIPAA compliant. Here are a few of them.

LiquidWeb

Atlantic.net

Rackspace

Amazon Web Services (AWS)

Microsoft Azure

HIPAA Vault

References:

HHS HIPAA Health and Technology: https://www.hhs.gov/hipaa/for-professionals/special-topics/health-information-technology/index.html

Guidance on HIPAA and Cloud Computing

Similar Posts

How to Fix SMTP 550 5.7.1 Error
| |

How to Fix SMTP 550 5.7.1 Error

ByRichard Robbins

Recently I changed my web host for a couple of my online stores, OnlineSafetyDepot.com and SweatshirtStation.com, from a LiquidWeb VPS account (which has become excruciatingly slow and bogged down with technical errors that I haven’t had much luck with LiquidWeb support to fix…that’s another story.) to my new hosting account on Pressable.com, which is set…

Google Pub/Sub
|

Google Pub/Sub

ByRichard Robbins

Google Cloud Pub/Sub is a real-time messaging service that enables you to send and receive messages between independent applications. Part of the Google Cloud Platform (GCP), it is designed to provide reliable, many-to-many, asynchronous messaging between decoupled systems. Google Pub/Sub can be used to create event-driven architectures, stream analytics, or as a building block for…

Alibaba Cloud Hosting
|

Alibaba Cloud Hosting

ByRichard Robbins

Alibaba Cloud, also known as Aliyun, is the cloud computing arm of the Alibaba Group, one of the largest e-commerce and technology conglomerates in the world. Founded in 2009, Alibaba Cloud has rapidly grown to become the leading cloud provider in China and a significant player globally. It offers an extensive range of cloud computing…

Amazon DynamoDB
|

Amazon DynamoDB

ByRichard Robbins

Amazon DynamoDB is a managed NoSQL database service designed for high availability, high throughput, and seamless scalability. Offered by Amazon Web Services (AWS), DynamoDB has become a cornerstone for organizations that need a robust database solution without the administrative overhead. Intro to DynamoDB Created by Amazon to address the scalability limitations of large-scale databases, DynamoDB…