HIPAA Compliant Hosting

A Beginner’s HIPAA Compliance Guide

Overwhelmed with HIPAA compliance? You’re not alone. Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is important to the covered entities and business associates that are expected by the federal government to follow the law.

However, the requirements of HIPAA and its regulatory agency, the US Department of Health and Human Services (HHS), are not as rigid as they first may seem. We’ve detailed the broad concepts required to understand HIPAA in this article, which serves as a beginner’s HIPAA Compliance Guide.

Why HIPAA?

The healthcare privacy and security law was written to encompass the broad array of organizations for which it was intended. For that reason, the HHS website notes that “there is no single standardized program that could appropriately train employees of all entities.”[i]

Nonetheless, training is a requirement of HIPAA, so it’s necessary to find a strong beginner’s guide that can be used to train your employees on the essentials of compliance. Most of what is available online through the federal government is either aggregations of disparate pieces of information or sizable PDFs, such as the Guide to Privacy and Security of Electronic Health Information[ii] – created by the Office of the National Coordinator for Health Information Technology (ONC). The former is a bit disorganized. While the latter can be great as course material, its 60+ pages are overkill for the purpose of an initial overview.



HIPAA-Compliant Cloud Hosting – Is It Possible to Protect PHI in the Cloud?


The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to compliance.

A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server.  An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers.  The hypervisor layer can determine the precise size and location of the server VMs or “instances” loaded onto it since it provides separation from the physical limitations of each piece of hardware.  As we will explore below, this can benefit organizations through increased agility and automation.

HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines.  Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act.  Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.

Fortunately, virtualized environments can not only be made HIPAA-compliant quickly but can also make compliance easier.




Ransomware: Malware That Makes You Pay


What is ransomware?

One of the fastest and most damaging cyber security threats falls under a category called “ransomware.” Ransomware is malicious code that encrypts all the user’s files and is usually downloaded unknowingly. This type of malware gets its name from what it does when a user tries to open an infected file: it prompts the user to pay a ‘ransom’ within a timeframe to receive a decryption key, which would then allow you to decrypt your files.[1] Even if you choose to pay the ransom, there is no guarantee you will gain access to your data. In this article, we will explain steps you can take to protect and secure your environment.

The numbers

Ransomware is a real threat to any business that allows user access, as it depends on users to spread it. Different industries also have different risks, with healthcare usually opting to pay the ransom to protect patient data, while the education industry has the highest rate of infection. Other lucrative targets include classified documents, financial documents, and intellectual property[2]. With names like Telecrypt, iRansom, FSociety, and CryptoLuck, the goal of ransomware is the same for all of its creators: making money. According to Lavasoft, the CryptoWall 3 ransomware cost users $325 million in 2015 alone.[3] As ransomware grows and evolves, it becomes even more costly. At the end of 2016, one of the most harmful ransomware strains is named “Cerber.” Not only does it lock your files from being accessed, but recent variations have incorporated the stealing of personal information and scripts that cause your machine to target other servers.[4]

Source: https://info.bitsighttech.com/bitsight-insights-ransomware



Intrusion Detection Systems – Do You Need One?

Should you invest in an Intrusion Detection System? Responsible businesses with sensitive data know they need a firewall to control traffic and secure their networks. What seems less well known, however, is the role that complementary technologies play in a comprehensive approach to cybersecurity.  An Intrusion Detection System (IDS) enables organizations to take a proactive security stance, which is why Atlantic.Net offers one for its security-conscious customers.

Amid all the headline-grabbing data breaches of the past year, the vulnerability of companies in industries like health care may be overlooked.  Data breaches began costing healthcare firms over $5.5 billion annually shortly after HIPAA became law, according to the Ponemon Institute.

Once online criminals have found a profitable target, they tend to return to it with ever more sophisticated attacks.  A report recently indicated that over 75 percent of the healthcare industry had been infected with malware in the past year, and noted that a shocking majority of ransomware targets medical treatment centers.

Clichés like the typical hacker being a teenager living in his or her parents’ basement are persistent, and they are harmful because they misrepresent the situation to the potential victims of hacking. The numbers clearly show that hacking is now predominantly committed by sophisticated criminal organizations. Utilizing an IDS is a proactive approach to meeting that threat.

An Intrusion Detection System, or IDS, is a software application that monitors the network and hosting environment and analyzes activity on it.  Any activity which is considered unusual is ranked according to how high risk it is considered based on information from global threat databases.



ECC Memory vs. Non-ECC Memory – Why It’s Critical for Financial and Medical Businesses

By: Kris Fieler

As businesses depend more on big data, the need to prevent data loss has never been more important. One of the most vital areas for this loss prevention is where data is temporarily stored, RAM.  ECC, or Error-Correcting Code, protects your system from potential crashes and inadvertent changes in data by automatically correcting data errors.  This is achieved with the addition of a ninth computer chip on the RAM board, which acts as an error check and correction for the other eight chips. While marginally more expensive than non-ECC RAM, the added protection it provides is critical as applications become more dependent on large amounts of data.


Likelihood of a Memory Error

On any server with financial information or critical personal information, especially medical, any data loss or transcription error is unacceptable.  Memory errors can cause security vulnerabilities, crashes, transcription errors, lost transactions, and corrupted or lost data.



Risk Management for Healthcare Cloud Hosting

Following a two-year deceleration of cloud growth, the technology again gathered steam in 2015. With the vast majority of healthcare providers now adopting cloud, it’s become critical to consider risk management for this transition. Here is a five-stage plan to see your organization through.

  • Slow-Down & Speed-Up of Cloud in Business
  • Hybrid Cloud and Risk Management in Healthcare
  • Five-Stage Cloud Risk Management for HIT
  • Managing HIT Risk with Your Choice of Cloud Vendor

Slow-Down & Speed-Up of Cloud in Business

In 2013 and 2014, there was a slow-down in the previously breathtaking ascent of cloud hosting. However, last year, the industry accelerated again, with 5.4% more organizations adopting the IT method.

Business generally has been moving to cloud, but healthcare companies have been somewhat more hesitant to implement these systems because of concerns with compliance and security. Nonetheless, 5 of 6 healthcare providers (83%) had cloud in place even back in 2014, according to the Health Information and Management Systems Society (HIMSS). Furthermore, Becker’s Healthcare notes in 2016 that “[c]ompared to previous years, providers are more likely to use cloud implementations and leverage mobile and analytics capabilities in the cloud than before.”



How Do We Prevent Hacking on the Cloud Through Authentication?

Failure to adopt two-factor authentication (2FA) or multifactor authentication (MFA) can be a major and costly mistake for those using cloud services. Adding security can make it less likely that you get hacked. Here are some tips to incorporate 2FA or MFA into your business.

  • Could Hacking End Your Business?
  • Factors to the Rescue
  • How Does 2FA Work Exactly?
  • 2FA in Action – 3 Steps of Access
  • Trusted for Years

Could Hacking End Your Business?

Getting hacked and potentially bankrupted is one of those things that, like a car crash or an illness, can seem to be an unlikely threat until it happens to you. The figures for small business, though, are incredible: one in five small businesses get hacked each year, and 60% of those that do are bankrupt within six months. In other words, a scary percentage of small businesses get hacked each year, and for the majority of those that do, it’s “game over.”



Could Cloud Computing Cure Cancer?

Angelina Jolie used genomic sequencing to learn that she was highly likely to eventually develop breast cancer, allowing her to make an informed decision and get a double mastectomy. However, celebrities aren’t the only ones who can benefit from advanced genetic analysis – which is now much more affordable and accessible thanks to projects such as the Collaborative Cancer Cloud.

  • Angelina Jolie: Survival through Personalized Cancer Data
  • Expediting Healing with the Collaborative Cancer Cloud
  • Spinning Up Your Own Cloud VPS Server

Angelina Jolie: Survival through Personalized Cancer Data

Angelina Jolie was told by her doctors in 2013 that she had a problematic variant of the BRCA1 gene that put her in an extremely high-risk category for breast cancer. In fact, it meant that her likelihood of developing the disease was a whopping 87%. Understanding how very real the threat of cancer was for her simply because of hereditary factors, Jolie opted to get a preventive double mastectomy – which effectively nullified her chances of getting the illness, dropping her to just 5% susceptibility.



HIPAA Compliant Hosting Hangout with Gabriel Murphy

The hack of Anthem, the second largest health insurer in the United States, cast a huge spotlight on the protection of electronic medical records. Announced in February 2015, the breach compromised 78.8 million user accounts, all of which were stored unencrypted.

To put that number into perspective, the largest breach of 2014 (which, like Anthem, is widely believed to be the work of security researchers sponsored by the Chinese government) was that of Community Health Systems in Tennessee, an incident in which “only” 4.5 million patients were affected.

Although experts and consumers are concerned that health data should always be encrypted, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not explicitly require encryption. That is the topic of an article by Elizabeth Snell for HealthIT Security: “Should HIPAA Regulations Require Data Encryption?”

Snell argues that while insurers and other healthcare entities do not legally have to encrypt, “this does not mean that facilities can simply ignore this particular security measure because they find it time consuming or costly.” She details how legislators around the United States are working to pass measures so that encryption is no longer optional.

We explored the topic of HIPAA compliance in the first episode of our Google Hangout on Air (HOA) series (see the video above). The HOA featured Internet entrepreneur and development technologist Gabriel C. Murphy, who has cofounded four Internet companies and been a thought leader in the hosting industry since 1997.

Atlantic.Net is an industry leader in HIPAA Compliant Hosting with a full array of VPS Cloud Servers ready to deploy in under 30 seconds.

