A Story About a HIPAA-Compliant Website & Mobile App

by Adnan Raja, under Healthcare IT

Dell strategist Jim Stikeleather has argued that big data projects should tell a story. By thinking in a manner similar to journalists, he said, data scientists can more deliberately and compellingly frame and communicate the information, and the filters, they want to explore.

Storytelling can aid understanding of any situation, and particularly of technology, which often seems obscure, dry, and impersonal. People breathe life into technical situations, as when stories are told of people solving problems with the tools of the technological era.

Since HIPAA-compliant hosting is one of our specialties, let’s look at a recent interaction we had with a client interested in hosting a healthcare site and mobile application.

*** Note that various details are changed for privacy, clarity, etc. ***

Healthcare Client:

Hello, I have a client that requires a HIPAA-compliant hosting service. The client has a website and an app. The app is for end users to upload images of their doctor bills. The website is where billing specialists will review their claim and let them know if they were billed incorrectly. This is a startup company with unknown needs as far as server size. I would assume it would only require a small server, but we want to be able to scale up quickly if this company takes off. My job is to investigate hosting companies and recommend one to our client, who will establish the account on their own.

Hosting Consultant:

Thank you for contacting Atlantic.Net. We need answers to the following questions in order to provide you with a formal proposal. In the meantime, I have attached a copy of our BAA and HIPAA Audit that you can review.

  • Does your client require a Linux or Windows platform?
  • How many internal users will be accessing the hosting platform?
  • Will there also be a database hosted on the platform? HIPAA regulations require that a database and an application are hosted on separate servers.
  • Is 1 TB of storage space enough?

Healthcare Client:

  • It will be a Linux platform.
  • Internal meaning users who access the servers themselves, correct? There would be 1 or 2 users responsible for updating the website and the web services required for the iPhone app. The client might want their own account also, although I don’t know for sure. Are there additional costs associated with the number of authorized internal users?
  • Yes, there will be a database. I understand HIPAA requires the database to be on a separate server. Does this requirement mean it needs to be on a separate physical server or is virtual enough?
  • I think initially 1 TB would be enough. Again, we don’t know if this might be wildly successful and will require scaling. If that is needed, can you provide information on costs to scale to larger storage and machines? How quickly can the servers be scaled?

Lastly, what kind of timeline is required to set up the account and go live with it?

Hosting Consultant:

Thank you for the information. Attached you will find the formal pricing proposal. We are including (5) encrypted VPNs so your internal users are covered. We need a dedicated server environment for the storage, but we can separate the dedicated server into (2) virtual machines, and it still meets HIPAA requirements concerning the separation of the application and the database server. This is built into our proposal.

The dedicated server we are providing can hold up to (4) hard drives. We are starting with (2) hard drives in a RAID 1 configuration (HIPAA platforms require RAID). We can add another (2) hard drives at any time (again in a RAID configuration), and the SAS encrypted hard drives come in either a 1 TB or 2 TB size. The dedicated server can hold 32 GB of RAM, and we are starting with 16 GB of RAM. We need the 16 GB of RAM in order to create the (2) virtual machines, and we have to allow for RAM overhead for the hypervisor (we use KVM / Proxmox) on Linux cloud hosting platforms. You can add another 16 GB of RAM at any time. If you need more resources than we can add to the one dedicated server, then we would have to deploy a second dedicated server. The firewall and intrusion detection system can support an unlimited number of dedicated servers behind them.

The platform will take 5 to 7 days to deploy, from the time we receive a signed agreement. I have attached the following supporting documents for your review:

  • Fully Managed Hardware Firewall
  • (5) Encrypted VPNs
  • Intrusion Detection System
  • Fully Managed Daily Backup.

Thank you for permitting Atlantic.Net to provide your organization with a custom proposal for a HIPAA Compliant Hosting Platform. Below are the highlights of our proposal. Please contact us if you have any questions.

1.) Fully Managed Hardware Firewall

2.) (5) Managed Encrypted VPNs

3.) Intrusion Detection System

4.) Fully Managed Daily Backup

5.) Private Dedicated Server Platform – Linux CentOS 6.5 64-bit or Ubuntu 12.04

  • 4 Virtual Core Processor
  • 16 GB of RAM
  • 1 TB of Encrypted RAIDed Storage
  • (2) Virtual Machines (Web and App)

6.) 10 TB of Monthly Data Transfer with a 100 Mbps Port

7.) 100% Uptime SLA

8.) cPanel w/ WHM

9.) Kaspersky Anti-Virus

10.) 24 X 7 X 365 Live Technical Support by email / chat / phone

11.) Business Associate Agreement

12.) HIPAA Audited Data Center with SSAE SOC 2 Certification

$ XXXX per month on a 12-month agreement, with no setup fee.

Healthcare Client:

It looks good, but I have a couple of questions. What do items 6 and 7 refer to? I am not completely up to speed on the terminology here. The price quoted on the Linux HIPAA Compliant Hosting Platform: is this the price our customer would pay on what you have quoted? Also, if we need to scale, how would that affect the quoted price?

Hosting Consultant:

  • Item 6 is the amount of data transfer per month that the customer can use during the month without incurring bandwidth overage charges. 10 TB of monthly data transfer is equal to 33 Mbps of bandwidth. The 100 Mbps port is the amount of bandwidth the customer can burst to at any given time. We have large HIPAA customers, and no one ever exceeds the 10 TB of monthly data transfer. If by some chance your customer does, the overage charge is xxx cents per month per GB.
  • Item 7 refers to the fact that we warrant the HIPAA hosting platform will stay up 100% of the time. It also means that we are 100% responsible for all of the hardware that has been deployed to make the hosting platform work. Hardware pricing for dedicated servers changes very rapidly. The only thing I can provide you is the monthly pricing if you added extra server resources today. Each extra 8 GB of RAM is $ xx per month. Each extra 1 TB SAS encrypted hard drive is $ xxx per month (they have to be added 2 at a time because of the required RAID configuration on the hard drives). To add a second dedicated server to the hosting platform would be $ xxx per month (this server would have the same starting configuration as what is on the proposal I sent you).
  • The $ xxx per month is what your customer would pay without any upgrades to the dedicated server.

Healthcare Client:

One more question.  Where are the hosting centers?

Hosting Consultant:

We are in (5) datacenters, but the HIPAA hosting platforms can only be hosted in our datacenter in Orlando, FL. It is the only datacenter that has the HIPAA audit certification.

Healthcare Client:

Ok, I am recommending you to our client. Thank you for your quick responses.

Partnering with HIPAA-Compliant Expertise

As you can see above, we are happy to answer any questions you have about HIPAA-compliant hosting plans. They are a major area of focus for us at Atlantic.Net, and that established expertise lets us guide you toward the right decision.

Contact us now to explore your options!

By Moazzam Adnan
