In the web hosting industry there is a special class of service that requires HIPAA compliance. What is it, and how can a hosting service meet HIPAA requirements? This article explains both and helps you find a suitable HIPAA compliant hosting plan.
HIPAA is the abbreviation of the Health Insurance Portability and Accountability Act. It sets the legal rules for the protection and use of Personal (or Protected) Health Information (PHI). Covered entities (CE) and anyone else with access to patient information must be in compliance.
What's HIPAA Compliant Hosting?
Recent changes to HIPAA require Covered Entities and all of their Business Associates who create, receive, maintain, transmit or have access to protected health information (or where the possibility exists that protected health information in the business associate's custody or control could be compromised) to comply with HIPAA independently. If you store or transmit electronic protected health information through a hosting service, the hosting company itself must be HIPAA compliant.
However, becoming HIPAA compliant is not easy because of the technologies it requires and the safeguards it demands over physical equipment. In general, a hosting company must provide the following:
Physical safeguards. These include limited facility access and control, with authorized access procedures in place. Essentially this is a requirement on the data center space where all data ultimately resides. Hosting companies either need to rent server space from a HIPAA compliant ISP or set up their own data centers according to HIPAA requirements.
Technical safeguards. A server-layer protection with access control that allows only authorized users to reach electronic protected health data. This covers both protection of the data on the server and a monitoring system to ensure the highest level of safety.
Log reports. Audit reports and logs must be implemented to keep records of activity on hardware and software. They show how your data is being accessed, used and edited, so you can trace the source of a violation if a problem occurs.
Secure backup policies. All sensitive data must be securely backed up with quick recovery. The policy must ensure that all PHI data can be recovered accurately and intact. Backups should ideally be stored offsite where they cannot be accessed publicly.
Data transmission protection. The last technical safeguard over PHI. This concerns every method of transmitting data, whether by email, over the Internet, or even over a private network such as a private cloud. The hosting company must provide the necessary technologies, such as SSL and other data encryption solutions.
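The "Log reports" safeguard above asks for an audit trail that records who accessed, used or edited PHI and that lets you trace a violation afterwards. One property a practitioner wants from such a trail is that it cannot be quietly edited after the fact. The following Python example, added here to illustrate the point and not taken from the article or from any hosting provider, implements a hash-chained audit log: each entry commits to the SHA-256 hash of the entry before it, so a later edit or deletion breaks the chain and is reported by `verify()`. The actor names, record ids and timestamps are constructed sample data, and the entry format is an assumed design, not a format HIPAA mandates.

```python
import hashlib
import json
from datetime import datetime, timezone

# Hash of the (non-existent) entry before the first one in the chain.
GENESIS_HASH = "0" * 64


def _digest(body):
    # Canonical JSON so the same entry always hashes identically.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only, hash-chained record of who did what to which PHI record.

    Every entry stores the hash of the entry before it, so silently editing
    or deleting an earlier entry changes a hash that a later entry commits
    to, and verify() reports the first position where the chain breaks.
    """

    def __init__(self):
        self.entries = []

    def record(self, actor, action, record_id, outcome, when=None):
        """Append one event. `outcome` is 'allowed' or 'denied'."""
        ts = (when or datetime.now(timezone.utc)).isoformat()
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        body = {
            "ts": ts,
            "actor": actor,
            "action": action,
            "record_id": record_id,
            "outcome": outcome,
            "prev_hash": prev_hash,
        }
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, None) if intact, else (False, index of first bad entry)."""
        prev_hash = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev_hash"] != prev_hash or _digest(body) != entry["hash"]:
                return False, i
            prev_hash = entry["hash"]
        return True, None

    def history_of(self, record_id):
        """Who accessed, used or edited one record, in order."""
        return [(e["ts"], e["actor"], e["action"], e["outcome"])
                for e in self.entries if e["record_id"] == record_id]

    def denied_by_actor(self):
        """Count denied attempts per actor: a starting point for spotting violations."""
        counts = {}
        for e in self.entries:
            if e["outcome"] == "denied":
                counts[e["actor"]] = counts.get(e["actor"], 0) + 1
        return counts


def build_sample_log():
    """Constructed sample events (not real data) that exercise the log."""
    log = AuditLog()
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    log.record("dr_smith", "read", "patient-1001", "allowed", t0)
    log.record("dr_smith", "update", "patient-1001", "allowed", t0.replace(minute=5))
    log.record("billing_bot", "read", "patient-1001", "denied", t0.replace(minute=7))
    log.record("billing_bot", "read", "patient-1002", "denied", t0.replace(minute=8))
    log.record("nurse_lee", "read", "patient-1002", "allowed", t0.replace(minute=30))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify())
    print("history of patient-1001:", log.history_of("patient-1001"))
    print("denied attempts per actor:", log.denied_by_actor())
    # Simulate an after-the-fact edit that tries to hide the update.
    log.entries[1]["action"] = "read"
    print("after tampering:", log.verify())
```

In a real deployment the log would be written to storage the application servers can only append to, and the latest chain hash would be copied regularly to a separate system (or the offsite backup described above) so that a wholesale rewrite of the log is also detectable.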
HIPAA Compliant Hosting Plan
Who can provide a quality HIPAA compliant hosting plan? Given the explanation above and the HIPAA requirements, a decent HIPAA compliant hosting provider must operate its own HIPAA compliant data center space with strong protection. Because security is the highest requirement, the hosting company must provide the following features:
- Private Firewall services with VPN for remote access
- Managed private Cloud Server
- Separate database and web servers
- Offsite Backup at a minimum, IT Disaster Recovery is better
- SSL certificates and HTTPS for all web-based access to PHI
- Private IP addresses set up for the hosted servers
Not many hosting providers announce themselves as HIPAA compliant; www.onlinetech.com is one of the very few hosts that provides a detailed explanation of its HIPAA hosting service. Onlinetech offers multiple HIPAA hosting plans through Cloud, Managed Server and Colocation solutions.
Resource: U.S. Department of Health and Human Services.