Atlantic.Net Blog

Securing PHI for Behavioral Healthcare Organizations – A Real World Scenario

March 31, 2014 by ( 53 ) under HIPAA Compliant Hosting

0 Comments

government compliance joke - comic

Our site shares a large amount of information with medical companies about finding viable HIPAA cloud hosting and infrastructural solutions. We’ve found that the general information we provide meets the needs of many businesses. However, it also assists many professionals to be able to get a feel for the process through specific situations.

Our Real-World Scenario series serves this function. We show actual discussions between our hosting consultants and clients as they get their questions answered about our services through this series. In this installment, a web developer works with our representative to determine the best solution for securing protected health information (PHI) of behavioral healthcare firms within a HIPAA-compliant environment.

The basics: HIPAA, PHI, and behavioral healthcare

Before we look at an individual interaction related to these issues, it will help to understand the basic terms we are using.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 safeguards patients’ medical records, with a special focus on electronic medical records (EMR). The three basic categories of organizations that must meet the law’s specifications include healthcare practitioners, plans, and clearinghouses.

All data that must meet the HIPAA requirements are referred to as protected health information (PHI). PHI includes demographics, medical history, tests, insurance details, and other data that healthcare companies compile from patient documents, equipment, and practitioner observation.

HIPAA places guidelines on the scope of protected health information that medical organizations can acquire, the extent to which it can be shared, and its usability for marketing purposes. PHI has to be fully accessible to the patient, who also has the right to correct any errors in the data. It cannot be sold except in situations that involve government projects or the sale of an entire healthcare organization.

Behavioral healthcare is a multidisciplinary area of medicine that focuses on the mental and emotional state of the individual. Many people use it synonymously with the terms psychological healthcare or mental healthcare. Practitioners in this field understand the behaviors of a patient – called biobehavioral interactions within the specialty – as indications of the health of a patient’s mind.

HIPAA Compliant Behavioral Healthcare Solution

The following is the interaction between our hosting consultant and a client who needs an IT environment for their PHI.

Consultant: Tell us about your hosting needs.

Client: I need an architecture for a Windows Forms SQL app for use by a behavioral healthcare company. I have a client with four locations that want to go this route over the traditional MPLS or hardware VPN combined with a local server.

Consultant: One of our hosting specialties is HIPAA compliance and the protection of PHI. We can create a network of this type is to host the SQL server in our data center. Each location would then be connected to the SQL server through an Encrypted VPN. The hosting platform would be HIPAA compliant, and we would issue a Business Associate Agreement (BAA) for the hosting services.

To provide you with a proposal, we require the following information:

  1. How much Total Storage Space do you require for the data?
  2. What version of MSSQL do you require?

Client: We would need a minimum of 20GB of storage, and the MSSQL could be 2008 or above.
Consultant: The smallest HIPAA-compliant hosting platform that we have available includes 500 GB of Storage Space. I have attached the formal proposal along with a copy of the Business Associate Agreement for your review. Please submit the SQL license, and we can then load it for you. We are not allowed by Microsoft to resell their licenses; it is also less expensive for you to purchase it outright than to lease it from us. Below are the highlights of the proposal:

1.) Windows Standard 2008 R2 64 Bit Operating System

2.) Dual-Core I3-3220 Processor w/HT / 8 GB of Ram / 500 GB of RAID Storage

  • Core I3
  • 3220 3.3 GHz Dual Core w/HT
  • 8 GB of RAM (expandable to 32 GB)
  • 2 X 500 GB SATA 3 Black Raid 1
  • LSI 9240 RAID Card – 10 TB  of Monthly Data Transfer, 100 Mbps Port

3 ) Fully Managed Hardware Firewall with ( 5 ) managed VPN’s

4 ) Intrusion Detection System with Log Monitoring and Management

5 ) Fully Managed Daily Backup

6 ) 100% Uptime SLA

7 ) 24 X 7 X 365 Live Technical Support by phone / email

8 ) SSAE 16 SOC II Data Center

9 ) Anti-Virus Protection

10 ) SSL Certificate.

Client: Excellent. I will get the Business Associate Agreement to my client immediately and be in touch once I hear back from them. Thank you for the assistance.

Consultant: Let us know if you have any additional questions. Have a great day.

As indicated by the above interaction, Atlantic.Net is well prepared for those in need of HIPAA compliant hosting on a reliable HIPAA Server. We have been in business for three decades, with a five-year track record helping companies fulfill the parameters of healthcare regulations.

Comic words by Kent Roberts & art by Leena Cruz.

Start Your HIPAA Project with a Fully Audited HIPAA Platform Trial!

HIPAA Compliant Compute & Storage, Encrypted VPN, Security Firewall, BAA, Offsite Backups, Disaster Recovery, & More!

Start with a $250 Credit!

Looking for a Hosting Solution?

We Provide Cloud, Dedicated, & Colocation.

  • Eight Global Data Center Locations.
  • Flexible Private, Public, & Hybrid Hosting.
  • 24x7x365 Security, Support, & Monitoring.
Contact Us Now!

Get a $250 Credit and Access to Our Free Tier!

Free Tier includes:
G3.2GB Cloud VPS a Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year

Get a Free-to-Use Cloud VPS