SSAE 18 SOC 1 SOC 2 (formerly SSAE 16) Certified, HIPAA and HITECH Audited
HIPAA Compliant Hosting by Atlantic.Net™ is SSAE 18, SOC 1, SOC 2 certified, HIPAA and HITECH audited, designed to secure and protect critical healthcare data, and electronic protected health information (ePHI) and records. Our HIPAA Hosting Solutions have been audited by a qualified independent third party auditing firm, demonstrating our commitment to providing the best IT security and top-notch compliance solutions. Whether you're looking for a comprehensive managed hosting solution for your HIPAA servers or an unmanaged hosting service, we can assist you with all your HIPAA compliance hosting needs. Our high-performance Web, Database and Storage servers are available in both Dedicated and Cloud environments and backed by our 100% uptime guarantee.
Implementing HIPAA compliance can be complicated, as it involves piecing together server hosting with security and managed services. This also means that the end solution would include a Business Associates Agreement. We have compiled an easy, solution-oriented HIPAA compliant hosting requirements checklist, in accordance with the HIPAA Privacy Rule and Security Rule.
Below is an eight-part checklist of HIPAA Compliant Hosting requirements and Atlantic.Net can help provide all these components to help deliver a HIPAA Compliant Server Hosting Solution:
This section covers all the standard HIPAA requirements with enough detail for a general picture of what you need. Here are the eight elements you need for a HIPAA-compliant hosting environment for HIPAA Web Hosting, HIPAA Database Hosting, HIPAA Storage Hosting, or other HIPAA hosting setups:
Essentially, you need to have firewalls fully implemented on your site. There are three basic types of firewalls: hardware firewalls, software firewalls, and web application firewalls (WAFs). Typically, an infrastructure has a combination of hardware and software firewalls, along with ones specifically designed for web applications, because apps create their own unique challenges and have become such a frequent target for intrusions. Making sure that technology is system-wide is one of the HIPAA compliant server requirements.
What is a firewall?
The VPN needs to be encrypted, and you want it to be strong. Not all VPNs are the same, so do your homework.
What is an encrypted VPN?
You want to have your data backed up in an external location. This requirement is a reasonable way to ensure all the EMRs are safe. Note how many of these requirements are probably already in place for your company. Very little is required additionally to the security parameters that most enterprises and many SMBs already have up and running. Again, HIPAA Compliant Hosting Services must meet this and the other HIPAA compliant hosting requirements as well.
What are offsite backups?
On all parts of your site (from the administrative control panel associated with the server to your CMS to the operating system running throughout the network), you need MFA ( multifactor authentication). Multifactor authentication is simple and fast to establish, similar to the other HIPAA compliant server requirements. You just go into the control panels for each of your various systems and make the configuration changes. Be aware that you need to get everyone prepared for this change so your business continuity is intact: everyone should be able to access the system throughout. You just need everyone’s phone numbers if you’re using mobile as the second point of contact. Plus, make sure they have an MFA app installed before making the transition if you are using an authenticator tool. Many of the systems you’ll see will be based on Google Authenticator, which will require everyone to have that app installed on their cell phones; though there are plenty of other brands you can choose.
What is MFA?
You cannot have a platform that shares resources with any other entities if you want to achieve HIPAA compliant server requirements. Working with a hosting provider with experience related to properly privatizing your infrastructure obviously helps.
What is a private hosted environment?
You need secure sockets layer (SSL) certificates established throughout your site, for any domains and subdomains on which sensitive information is accessed. In other words, any parts of your site that need login credentials should always also have an SSL. Each server used for your site needs its own SSL certificate installed. Note that some companies provide certificates that can be installed on multiple or unlimited servers. Also, be aware that an EV certificate, creating a green address bar, and/or respected brand name such as Norton or GeoTrust, can help increase trust and credibility for your system. Less costly certificates can be purchased from Comodo, GoDaddy, etc.
What is an SSL certificate?
Note that Statement on Standards for Attestation Engagements (SSAE) 18, created by the American Institute of Certified Public Accountants (AICPA), is more stringent, in some ways, than HIPAA is regarding security. It’s not a requirement for HIPAA, but seeing that certification should make you feel more confident that a company meets HIPAA compliant hosting requirements.
What is SSAE 18 Certification?
If you use any outside entity to assist with your EMR, including a hosting company, you must have a BAA signed with that organization. That document does not clear you of your own responsibilities related to HIPAA, but it does delineate the role that the hosting company takes and ways in which they should be held liable for any breaches, etc.
What is a BAA (business associate agreement)?
This page was updated on July 22, 2018.
Ensures internal controls and best practices for physical security, availability, processing integrity, confidentiality, and privacy.
Ensures that our processes, policies, facilities, and hosting solutions comply with the latest HIPAA Audit Protocols.
Stringent testing that continues to expand to comply with HITECH Act policies and protocols.
Business Associate Agreement
24/7 Phone, Chat, & Email Support
Fully Managed Firewall
Intrusion Detection System
Linux & Window Servers
Highly Available Infrastructure
Encrypted Backup, Storage, & VPN
Log Management System
Dedicated to Your Success
– Jason Coleman
VP of Information Technology, Orlando Magic
"After evaluating a range of managed hosting options to support our data operations, we chose Atlantic.Net because of their superior infrastructure and extensive technical knowledge."
- Erin Chapple
General Manager for Windows Server, Microsoft Corp.
"Atlantic.Net’s support for Windows Server Containers in their cloud platform brings additional choice and options for our joint customers in search of flexible and innovative cloud services."
Contact an advisor at 888-618-DATA (3282) or fill out the form below.
© 2018 Atlantic.Net, All Rights Reserved.