HIPAA Compliant Dedicated Server – A Real World Scenario – Part 2


<<< Continued from Part 1

Consultant (continued): By adding the second server we also had to increase the cost of the daily backup since there is more storage involved. I also had to double the number of Kaspersky licenses. I added 8 more IPs, but the IPs are free. You will now have 16 for the two servers. I also added another ( 5 ) VPNs at no extra charge. The updated proposal is attached and summarized below:

1.) One Fully Managed Hardware Firewall with ( 10 ) Managed VPNs / Intrusion Detection System with Log Monitoring and Log Management.
2.) Two servers with the following specs:

  • Dual Hex Core Xeon E5-2620V2 2.1 GHz w/ HT Processors
  • 24 Logical Cores per Server
  • 16 GB of RAM (expandable to 128 GB of RAM per server)
  • 2 X 240 GB SSD Cachecade Hard Drives
  • 4 X 4 TB SATA ES3 Enterprise Hard Drives – RAID 5, 6 or 10
  • LSI Hardware RAID Card
  • Hot Swappable Bays
  • Dual Power Supplies
  • IPMI (intelligent platform management interface).

3.) Fully Managed Daily Backup for all the Storage Space on the two servers
4.) 20 TB of Monthly Data Transfer, with a 1 Gbps Port
5.) Kaspersky Anti-Virus
6.) 16 Total Static IPs.

If you so desire, we can virtualize the servers by using Hyper-V. Windows Standard Edition allows ( 2 ) VMs per server. We will set up the VMs for you when we first deploy the servers if you wish to virtualize.

Also, our controller sent you an email this morning concerning your request for a HIPAA audit report. Please contact me if you have any questions concerning the email that he sent you or regarding this proposal.

Client: Thank you for the details. I will be discussing your proposal with my management shortly. I have a few questions first though:

  1. How many hard disks can be added to each server?
  2. What is the monthly charge for each additional TB of data transfer?

Consultant: Great. Here are the answers to your questions:

  1. You can add ( 2 ) more 4 TB hard drives to each server.
  2. The charge is $0.05 per month per GB for overages. You would have to exceed the 20 TB of data transfer in a 30 day period in order to incur the overage charge.

Client: Hi – a few more questions:

  1. If the data storage exceeds the maximum capacity of all the 8 hard drives, can you add an additional external storage device? What would be the cost per TB?
  2. Can you provide a Vulnerability Scan report?

Thank you.

Consultant: Okay, in response to your questions:

  1. It is possible to add external storage, and the pricing is dependent on how much storage is required. We do not offer an On-Demand Storage solution, so I can only provide you with pricing based on the amount of total storage you wish to establish.
  2. That is part of the Intrusion Detection System that is included in the proposal we presented to you.

Client: Great, that is all the information I need. I appreciate your answering all my questions so promptly. Once I speak with my management, what’s the next step?

Consultant: You’re welcome. If you decide to move forward, please sign the BAA and send it back to us. Thank you for choosing Atlantic.Net. Let us know if you have any additional questions.

Key terms

Here are basic explanations for several of the key terms used in the above discussion:

Business Associate Agreement (BAA): A business associate agreement is a contract between two parties, put in place to satisfy HIPAA requirements. A covered entity – a healthcare provider, plan, or clearinghouse – enters the agreement with a business associate – any outside organization that handles protected health information (PHI). The document stipulates the responsibilities of each party, such as exactly how the associate will handle PHI.

Kaspersky Anti-Virus: Kaspersky Lab, founded by Eugene Kaspersky in 1997, is a well-known and highly respected security software developer. The company was the official Organizing Committee Antivirus Software Supplier for the 2014 Sochi Winter Olympics.

RAID: Short for redundant array of independent disks, RAID is a standardized technique to store multiple instances of identical data on more than one HDD (hard disk drive) or SSD (solid state drive).
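As an added worked example (not part of the original post and not Atlantic.Net tooling), the following script computes the usable capacity and guaranteed fault tolerance of the proposed 4 X 4 TB array under each RAID level the proposal offers, and again after adding the 2 extra drives the consultant mentioned. It assumes decimal TB with no filesystem overhead; note that RAID 5 and 6 protect data with parity rather than identical copies, while RAID 10 mirrors.

```python
"""Usable capacity and fault tolerance for the RAID levels named in the proposal.

Added example; not Atlantic.Net code. Drive size and counts come from the
proposal (4 x 4 TB per server, expandable by 2). Decimal TB, no filesystem
overhead (assumption).
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class RaidResult:
    level: str
    drives: int
    usable_tb: float
    min_failures_tolerated: int  # disk failures the array is guaranteed to survive


# Minimum member counts for each level (RAID 10 additionally needs an even count).
_MIN_DRIVES = {"5": 3, "6": 4, "10": 4}


def raid_capacity(level: str, drives: int, drive_tb: float) -> RaidResult:
    """Usable capacity (TB) and guaranteed fault tolerance for equal-size disks."""
    level = str(level)
    if level not in _MIN_DRIVES:
        raise ValueError(f"unsupported RAID level {level!r}; proposal offers 5, 6 or 10")
    if drives < _MIN_DRIVES[level]:
        raise ValueError(f"RAID {level} needs at least {_MIN_DRIVES[level]} drives, got {drives}")
    if level == "5":
        return RaidResult(level, drives, (drives - 1) * drive_tb, 1)  # one disk of parity
    if level == "6":
        return RaidResult(level, drives, (drives - 2) * drive_tb, 2)  # two disks of parity
    if drives % 2:
        raise ValueError("RAID 10 needs an even number of drives")
    # Mirrored pairs, striped: half the raw space. A second failure is survivable
    # only if it hits a different mirror pair, so the guarantee is one failure.
    return RaidResult(level, drives, (drives // 2) * drive_tb, 1)


def proposal_options(drive_tb: float = 4.0, base: int = 4, extra: int = 2) -> Dict[Tuple[str, int], RaidResult]:
    """Per-server results for the quoted array and for the array after adding the extra drives."""
    out: Dict[Tuple[str, int], RaidResult] = {}
    for n in (base, base + extra):
        for level in ("5", "6", "10"):
            out[(level, n)] = raid_capacity(level, n, drive_tb)
    return out


if __name__ == "__main__":
    for (level, n), r in proposal_options().items():
        print(f"RAID {level:>2} x {n} drives: {r.usable_tb:5.1f} TB usable, survives {r.min_failures_tolerated} failure(s)")
```

The output makes the trade-off behind the client's capacity question concrete: the same six drives yield 20 TB on RAID 5 but only 12 TB on RAID 10, with RAID 6 the only option guaranteed to survive two simultaneous failures.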

SLA: Short for service level agreement, an SLA defines the service levels that a web hosting provider or similar third-party supplier commits to for its clients – such as our 100% uptime Cloud Hosting commitment.

Offering IT solutions to healthcare organizations since 1994 – with specialized compliance strategies first developed in 2009 – Atlantic.Net is prepared to meet the needs of your organization. Please review our HIPAA Compliant Hosting Master Index for an organized menu of our various materials related to this subject.
