We provide a secure and affordable HIPAA cloud compliant hosting environment that only you can access; you’ll have access to all the benefits of cloud hosting with none of the risks. Our HIPAA Cloud Hosting has been audited and certified by an independent third party against the HIPAA Security Rule for HIPAA compliance.
You could be forgiven for thinking the cloud isn’t secure enough for healthcare - there’s plenty of paranoia about the safety of cloud hosting, after all. You needn’t worry, though. We’ll provide your healthcare firm with an ultra-secure private cloud that only you can access; you’ll have access to all the benefits of cloud hosting with none of the risks.
We’ve taken the following security measures to make sure our cloud is as ironclad as possible:
Beyond security, we understand that healthcare organizations desire quick, efficient, and effective support. We’re more than up to the task of providing just that. All Atlantic.Net clients have access to 24/7 phone and email support.
Atlantic.Net is a leader in HIPAA-Compliant Hosting. With plans tailored to fit your needs and a dedicated round-the-clock support staff, we are ready to help you implement HIPAA. We have both traditional Dedicated Hosting HIPAA plans and also Managed Cloud HIPAA solutions. Our Atlantic.Net Managed Firewall and IDS (intrusion detection system) come included, along with daily backups and 24/7 monitoring.
In addition to managed/unmanaged dedicated servers, we offer virtualization hosting solutions with the following hypervisors:
vCPU Up to 112 vCPUs
RAM Up to 2 TB of RAM
SSD Disk Up to 12TB of SSD
Storage Redundancy RAID 10
IP Addresses IPv4 & IPv6, Private & Public
Monthly Bandwidth Up to 10Gbps
Cloud Server Management
Encrypted Data At Rest
Ensures internal controls and best practices for physical security, availability, processing integrity, confidentiality, and privacy.
Ensures that our processes, policies, facilities, and hosting solutions comply with the latest HIPAA Audit Protocols.
Stringent testing that continues to expand to comply with HITECH Act policies and protocols.
Business Associate Agreement
24/7 Phone, Chat, & Email Support
Fully Managed Firewall
Intrusion Detection System
Linux & Window Servers
Highly Available Infrastructure
Encrypted Backup, Storage, & VPN
Log Management System
Dedicated to Your Success
– Jason Coleman
VP of Information Technology, Orlando Magic
"After evaluating a range of managed hosting options to support our data operations, we chose Atlantic.Net because of their superior infrastructure and extensive technical knowledge."
- Erin Chapple
General Manager for Windows Server, Microsoft Corp.
"Atlantic.Net’s support for Windows Server Containers in their cloud platform brings additional choice and options for our joint customers in search of flexible and innovative cloud services."
Contact an advisor at 888-618-DATA (3282) or fill out the form below.
The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to HIPAA cloud hosting.
A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server. An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers. The hypervisor layer can determine the precise size and location of the server VMs or “instances” loaded onto it since it provides separation from the physical limitations of each piece of hardware. As we will explore below, this can benefit organizations through increased agility and automation.
HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines. Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act. Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.
Fortunately, virtualized environments can not only be HIPAA Compliant quickly but can make compliance easier.
There are different kinds of hypervisors, and the most appropriate for any given health care organization depends on the organization's needs and other IT tools. What is common to each one is that the isolation and abstraction of the VMs they create give them robust access, security, and privacy compliance capabilities. Each VM set up by the hypervisor is self-contained, and keeps its data isolated from any other VMs and their data. An Introduction to Virtualization[V] offered by Intel Developer Zone puts it this way:
"Virtual machines are essentially isolated from one another in the same way that two physical machines would be on the same network. A virtual machine’s running operating system has no knowledge of other virtual machines running on the same machine.
This enables even VMs with different operating systems to run simultaneously on the same hardware. The separation the hypervisor provides between the instance and the physical server makes the system “agile.” It allows virtualized servers to be moved, for example, in the case of a hardware failure, which keeps whatever function is being “served” working. The hypervisor also manages the hardware resources available to it to run an organization's VMs as efficiently as possible and to scale to maintain availability when demand on the network is high.
There are three hypervisors available to Atlantic.Net HIPAA cloud services customers: Proxmox, Hyper-V, and Cloud.Proxmox
An open-source alternative based on the Linux Kernel Virtual Machine (KVM), Proxmox is managed with a web graphical user interface (GUI) and is known for solid performance and flexibility. It works reliably with different operating systems, but also supports different storage options[VI], including Linux containers. Any storage type used can be accessed only through the hypervisor layer, allowing access restrictions compliant with HIPAA's Title II and HITECH rules.
When set up in a server cluster or utilizing “shared” storage, Proxmox allows live migration of running machines. This makes the system agile enough that maintenance or updates necessary to keep the virtual server compliant from a security perspective can be performed without downtime, preserving compliance with the availability rules of HIPAA's Title I. First released publicly in 2008, Proxmox is updated about every six months. It is built to work flexibly with a variety of different products, rather than those from a particular company like Microsoft as is the case with Hyper-V, which could make Proxmox a better fit for some organizations. Proxmox sometimes requires IT teams to use the command line, which for some, may not be ideal.Hyper-V
Microsoft's Hyper-V is designed for Windows server and desktops, making it a popular choice for organizations that predominantly use Windows. Unlike Proxmox, Hyper-V uses proprietary storage technologies[VII]. The separation and control of access through the hypervisor layer is very similar, however, as is support for live migration. As with Proxmox, this keeps data in a securely isolated environment to maintain compliance with rules for fraud, abuse, and privacy, while also enabling the constant access and portability HIPAA compliant cloud computing requires.
Hyper-V includes “dynamic memory management,” a feature making it easy to scale up the number of virtual machines in use. It also features Windows Active Directory for security and access management. Organizations considering Hyper-V should be aware that it tends to work best with the latest version of Windows, though it also works with other operating systems, including Linux and FreeBSD[VIII]. Hyper-V was originally launched with Windows Server 2008, and Microsoft maintains it with frequent updates.Cloud
Atlantic.Net's HIPAA Compliant Cloud Hosting environment is based on Linux KVM, much like Proxmox. Data is therefore isolated in the same way, on an abstracted hardware layer available only via the hypervisor.
Cloud environments allow customers fine-grained control to pay only for the resources they use and scale up those resources to meet increases in demand. It is, therefore, an efficient and economical solution for organizations with high variations in IT workload. Atlantic.Net launched its first cloud servers in 2010 and has been steadily expanding the service since.
Just as the software borders between VMs are like the hardware boundaries between physical machines, the tools that secure a network against malicious traffic are similar. Traffic should be controlled with a firewall, all the elements of the site should be secured with two-factor authentication, and off-site backups must be maintained to meet the Title I standard of accessibility. Those and all of the other necessary features for HIPAA compliance in a server[IX] can be met with the appropriate implementation of any virtual environment from Atlantic.Net.
Regularly scheduled, automated backups are available or included with all Atlantic.Net virtualized HIPAA compliant cloud hosting environments, making continuous compliance not only possible but easier. Healthcare organizations can also provide auditors with automatically generated logs of network traffic created by either KVM or Hyper-V, easily demonstrating the security and privacy necessary for Title II and HITECH compliance in HIPA compliant cloud computing.
Every healthcare organization needs to follow security and compliance best practices, and partner with an IT provider they can trust to deliver compliant services, regardless of the network environment. Fortunately, this means the flexibility, logging, automated backups, and other features of virtualized environments are an option for all.
If your organization has avoided or delayed moving HIPAA workloads to a virtualized environment out of compliance concerns, it is likely worth reconsidering the option. Contact our knowledgeable sales team today by phone 1.800.521.5881 or email [email protected] for information about HIPAA cloud services, including our HIPAA Cloud Hosting and Managed Cloud solutions, today!
© 2018 Atlantic.Net, All Rights Reserved.