HIPAA Compliant Hosting



HIPAA Questions Answered – A Real World Scenario

By Sam Guiliano, October 28, 2014, under HIPAA Compliant Hosting

Topics: Cyber Liability Insurance, Patching, Disaster Recovery, Encryption at Rest & Data Destruction

Healthcare companies around the United States know that they must meet the standards of two landmark pieces of healthcare legislation, HIPAA (Health Insurance Portability and Accountability Act of 1996) and HITECH (Health Information Technology for Economic and Clinical Health Act of 2009). Although of course many healthcare providers, plans, and data clearinghouses care about the privacy and security of their patient information, these regulations sought (in part) to make failing to protect sensitive medical data extremely unattractive.





Spotlight on Biotech Hosting: A Real World Scenario

By Adnan Raja, October 9, 2014, under HIPAA Compliant Hosting

We recently had a biotech company contact us about setting up a dedicated system to be hosted at our data center. Although this particular request was for a relatively small, private infrastructure, often research companies need to conduct sophisticated calculations that can be best achieved through cloud computing. We will first look at the biotech connection to the cloud, then specifically discuss a dedicated real world scenario.



Lawyer Gives Recommendations for HIPAA Compliance

By Adnan Raja, August 29, 2014, under HIPAA Compliant Hosting

Like anything related to federal regulations, HIPAA compliance is not exactly a lighthearted and relaxing topic. However, the Security Rule and Privacy Rule of Title II do establish strong standards to protect PHI (protected health information). Regardless of our perspectives toward the law, understanding it is critical for healthcare organizations so that they can avoid fines.



HIPAA Virtualization: A Real World Scenario

Healthcare organizations often contact us for hosting solutions that are fully compliant with the parameters of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Particularly critical for this sector of companies – called covered entities within the law and comprising providers, plans, and clearinghouses – are the Privacy Rule and Security Rule contained within the Act’s Title II. The two rules govern the methods used by business associates such as hosting services to safeguard protected health information (PHI).

The following article is part of our Real World Scenario series, which details interactions between our hosting consultants and clients, anonymously and in edited form. (If you are looking for a fuller HIPAA resources directory, see our HIPAA Compliance Master Index.)

Initial discussion of a HIPAA Virtualization plan

Client: We need a HIPAA compliant server running SQL 2012. We have a couple of databases and need to host some web portals.

Consultant: Thank you for contacting Atlantic.Net. Please provide us with answers to the following questions so we can provide you with a formal proposal:

  1. What version of MSSQL 2012 do you require?
  2. How much storage space do you require?
  3. We recommend separate virtualized servers for the web and database.

Client:

  1. I am looking at the versions, but I think standard would work.
  2. Initially, we will not have high storage needs. The databases will grow but will most likely be less than 50GB. As far as web space, we would be looking at 10GB or less.
  3. I would prefer not to pay for 2 servers right now.

Consultant: We can take one Windows server and create (2) virtual machines inside of it by using the Windows Standard 2012 license. We do not charge extra to virtualize the dedicated server that is part of the HIPAA hosting platform. So the total monthly charge would cover both the web and database servers.

What we do not have any control over is the cost of the MSSQL 2012 license, and our agreement with Microsoft only allows us to lease the license on a monthly basis. You have the option of providing the MSSQL license yourself instead of leasing it from us, and we will load it on the server for you.

Client: We will provide the SQL license. How fast can we get hosting set up?

Consultant: It takes 3 days or less to deploy the new hosting platform from the time we receive a signed agreement. Below is the information that we need to send you within the agreement. Also, if you can answer the questions concerning the VMs, firewall, and VPNs (listed below the contact questions), it will expedite the deployment process.

  • Full Company Name
  • Billing Address
  • Tax ID Number (if available)
  • State of Incorporation (if available)
  • Main Contact with phone number and email address
  • Billing Contact with phone number and email address
  • Technical Contacts with phone number and email addresses

Please provide the following information concerning the VMs:

  • Amount of Ram required per VM
  • Amount of Storage required per VM.

Please provide the firewall rules and ports you want set up.

We are providing you with (5) VPNs. We need to know how many you want to set up initially and what you want the username and password to be for each VM.

Client: What are your recommendations for an SQL server and a Web server as far as RAM and storage?

We will need the following access to the servers:

* HTTP traffic to the web server
* VPN connections:
  * User 1:
    * Username: XXXXXXXXXXXXXX
    * Password: [email protected]
  * User 2:
    * Username: XXXX
    * Password: XXXXX
* VM Usernames:
  * User 1 (Administrator):
    * Username: XXXXX
    * Password: XXXXX
  * User 2 (Administrator):
    * Username: XXXXX
    * Password: XXXXXXX

Consultant: We are going to provide you with 16 GB of total RAM for the same price, because we need 4 GB of RAM for the overhead on the Hyper-V Hypervisor. This will leave you with 12 GB of RAM. Below is our recommendation for the Web and DB servers.

The processor has (4) virtual cores. You will have 500 GB of storage space, but we need to use 40 GB for overhead, so that leaves you with 460 GB of storage space.

Please see the server descriptions:

Web Server

  • 2 Cores
  • 4 GB of RAM
  • 200 GB of Storage space

DB server

  • 2 Cores
  • 8 GB of RAM
  • 200 GB of Storage space

If this looks good to you, we can move forward. Please let us know.

Client: That looks good.

Choosing strong HIPAA business associates

Understandably, healthcare companies are careful about whom they enlist to assist them in setting up HIPAA compliant systems. Atlantic.Net is a respected industry veteran, in business since 1994 and the winner of numerous business growth awards from outlets including Inc. and Entrepreneur. See our HIPAA Compliant Hosting list for access to a broad range of compliance-related resources and to spin up an SSD Cloud Server.

By Moazzam Adnan


HIPAA Compliant Hosting: A Real World Scenario

The majority of healthcare organizations – including plans, providers, and clearinghouses – must be fully compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). One aspect of compliance is contracting with outside specialists that can handle certain data-related responsibilities. These technology partners are experts at hosting compliant websites and applications, serving as business associates (via business associate agreements, or BAAs) for healthcare clients and their affiliates.



