HIPAA Compliant Hosting

SSAE 18 SOC 1 SOC 2 (formerly SSAE 16) Certified, HIPAA and HITECH Audited

HIPAA Compliant Hosting Solutions

HIPAA Compliant Hosting by Atlantic.Net™ is SOC 1, SOC 2 certified, HIPAA and HITECH audited, designed to secure and protect critical data and records. Whether you're looking for a comprehensive managed hosting solution for your HIPAA servers or an unmanaged hosting service, you can rest assured that we are here to assist you with HIPAA compliance every step of the way. Backed by our 100% uptime guarantee, we help our clients reduce exposure to the security and compliance challenges associated with hosting electronic health records.

Whatever your technical requirements or your use cases, our experts can offer a top-grade HIPAA Compliant web hosting solution. Our HIPAA Solutions have been audited by a qualified independent third party and we’re committed to providing you with the best security and compliance solutions. Our high-performance HIPAA servers are available in both dedicated and cloud environments. Contact us today for a customized solution!

Business Associate Agreement (BAA) is Available

A Full Line of HIPAA Compliant Hosting Services

Business Associate Agreement (BAA)

According to the Health Insurance Portability and Accountability Act (HIPAA), there are two different types of organizations that must ensure compliance: covered entities and business associates. Atlantic.Net™ falls into the latter category, a third-party entity contracted to handle protected health information (PHI).

In order to both comply with the law and assure our clients that we’re committed to keeping their information safe, we’ve drafted up a HIPAA Business Associate Agreement, or BAA. BAAs are a type of HIPAA-Compliant documentation that is critical to our relationship with healthcare firms and medical practitioners alike, as it firmly establishes the legal parameters for our use of PHI. The following three components are central to this contract:

  • Business associate’s role – the exact nature of the third party’s interaction with the healthcare data, including any forms of use and disclosure.
  • Limitations – the prohibition of the third-party from any forms of use or disclosure not stated in the agreement.
  • Security requirements – the necessity for extensive security technologies and protocols to guard against any unauthorized use or disclosure.

In conjunction with our SSAE 18 SOC 1 SOC 2 (formerly SSAE 16) certified data center, our BAA documentation shows that we’re committed to keeping the private healthcare information of our clients both safe and secure. Moreover, BAAs show that we’re willing to go beyond the minimum standards of compliance established in HIPAA. Healthcare businesses who choose us as a host have the peace of mind that can only come from knowing that they’re partnered with a veteran - and one that’s completely committed to their best interests, at that.

HIPAA Compliant Hosting Services

Here is a list of HIPAA Compliant Hosting Services, provided by Atlantic.Net:

HIPAA-Compliant Colocation

Our data center facilities are fully audited and certified to be in compliance with HIPAA and HITECH. Our Healthcare colocation clients enjoy an industry-leading service-level agreement, world-class data center infrastructure and superior on-site security.

HIPAA-Compliant Application Hosting

The applications healthcare companies are running are frequently incredibly resource-intensive, requiring a dedicated server simply to operate effectively. This server, whether a dedicated or virtual system, needs to be both secure and compliant. That’s doubly true in cases where the company is a healthcare application service provider, which routinely manages patient data from a wide array of firms.

Once again, Atlantic.Net™ is fully-equipped to deliver.

Our design includes an application server that can be adapted to your needs whether your architecture is physical or virtualized. Even better, all Atlantic.Net application servers are protected with a full suite of security components, including a Fully-Managed Firewall appliance, an encrypted VPN with an optional GeoTrust SSL, and a powerful Intrusion Prevention System with proactive monitoring.

HIPAA-Compliant Database Hosting

Perhaps the most frequent reason for healthcare providers to look into hosting services is the operation of databases in order to store patient and organizational data. Our engineers will provide you with whatever format of database best meets your needs - and it’ll be affordable no matter what your choice. Whether you choose Microsoft SQL Server, MySQL, or PostgreSQL, we've got you covered when it comes to databases.

Our HIPAA-compliant database security incorporates our fully-managed firewall appliance, an encrypted VPN with SSL technology, and our intrusion detection system. Further, everything we do that concerns the hosting plan is considerate of compliance implications; we honor regulatory parameters at all times.

Here are just a few benefits of choosing to host your database with Atlantic.Net:

  • All data exists in one defined place
  • You can customize security specific to the database
  • Organization of the data can make administration more efficient
  • Responses to data requests are streamlined
  • Multiple users can retrieve data simultaneously.

HIPAA Compliant Managed & Unmanaged Hosting

In addition to managed/unmanaged dedicated servers, we offer virtualization hosting solutions with the following hypervisors:

  • Hyper-V Private Virtualization Hosting – Microsoft Hyper-V
  • KVM Private Virtualization Hosting – Proxmox VE
  • VMware Private Virtualization Hosting

Managed HIPAA Security

Our fully-managed and compliant security allows us to consistently keep track of your security, allowing you to stay focused on your core competencies.

Intrusion Prevention System

Our Intrusion Prevention System (IPS) works off of a continually-revised database of malware and other potential hazards, and features customizable security infrastructure that allows us to tweak it to your specific needs. We routinely test and re-test all components of our IPS, and allow upgrades on an as-needed basis. Threats are monitored and prevented in real-time.

Our IPS also features a powerful Firewall Appliance which connects to each interface, monitoring everything from CPU usage to response rate for gateways. For those of you who require traffic shaping and simultaneous connection limitations, both are easily configurable.

All of this is available at minimal cost - meaning you’ll have access to world-class security at a price that won’t leave you tapped out.

Anti-Malware Protection:

One of the stipulations for HIPAA is that healthcare organizations must utilize an antimalware application to remain compliant. Atlantic.Net's engineers trust Trend Micro Anti-Malware to protect clients from malicious software.

Trend Micro™ Deep Security Suite – Key Features:

Virtual Environments: Preserve performance and consolidation ratios with comprehensive agentless security built specifically to maximize protection for virtual environments.

Optimized for Server Environments: Optimizes security operations to avoid antivirus storms commonly seen in full system scanning and pattern updates from traditional security capabilities.

Virtual patching: Shield vulnerabilities before they can be exploited, eliminating the operational pains of emergency patching, frequent patch cycles, and costly system downtime.

Compliance: Demonstrate compliance with a number of regulatory requirements including PCI DSS 3.0, HIPAA, HITECH, FISMA/NIST, NERC, SSAE 18, and more.

Trend Micro™ Deep Security Suite – Deep Security Modules:

Trend Micro Deep Security Anti-Malware

  • Delivers an anti-malware agent to extend protection to physical, virtual, and HIPAA compliant cloud servers.
  • Optimizes security operations to avoid antivirus storms commonly seen in full system scans and pattern updates from traditional security capabilities.
  • Protects from sophisticated attacks in virtual environments by isolating malware from critical operating system and security components.

Trend Micro Deep Security Network Security Package

  • Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack.
  • Automatically protects against known but unpatched vulnerabilities by virtually patching (shielding) them from an unlimited number of exploits, pushing protection to thousands of servers in minutes without a system reboot.
  • Decreases the attack surface of physical, cloud, and virtual servers with fine-grained filtering, policies per network, and location awareness for all IP-based protocols and frame types.
  • Includes out-of-the-box vulnerability protection for all major operating systems and over 100 applications, including database, web, email, and FTP servers.

Trend Micro Deep Security Integrity Monitoring

  • Monitors critical operating system and application files, such as directories, registry keys, and values, to detect and report malicious and unexpected changes in real time.
  • Uses Intel TPM/TXT technology to perform hypervisor integrity monitoring for any unauthorized changes to the hypervisor, thereby extending security and compliance to the hypervisor layer.
  • Reduces administrative overhead with trusted event tagging that automatically replicates actions for similar events across the entire data center.

Trend Micro Deep Security Log Inspection

  • Collects and analyzes operating system and application logs in over 100 log file formats, identifying suspicious behavior, security events, and administrative events across your data center.
  • Assists with compliance (PCI DSS section 10.6) to optimize the identification of important security events buried in multiple log entries.
  • Forwards events to SIEM system or centralized logging server for correlation, reporting, and archiving.

Dedicated Firewalls & Encrypted VPN

In addition to our IPS, Atlantic.Net provides a powerful set of managed firewall components, designed with optimal affordability and security in mind. We’re able to create out-of-the-box solutions for just about any configuration, including Linux servers or even Cisco ASA Firewalls. Reporting maintains historical information on every aspect of your system related to network security, including CPU utilization, firewall states, WAN gateways, and traffic shaping.

By default, we deploy an OpenBSD stateful firewall that allows you to granularly control your states. This allows you to limit states per host, new connections per second, state timeout, state type, and simultaneous client connections. It allows the handling of multiple states, as well. Have a look for yourself:

  • Keep state – Works with all protocols. Default for all rules.
  • Modulate state – Works only with TCP. Atlantic.Net’s Firewall Appliance will generate strong Initial Sequence Numbers (ISNs) on behalf of the host.
  • Synproxy state – Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of “keep state” and “modulate state” combined.
  • None – Does not keep any state entries for the traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.

It also offers a number of state table optimization options:

  • Normal – The default algorithm.
  • High latency – Useful for high latency links, such as satellite connections. Expires idle connections later than normal.
  • Aggressive – Expires idle connections more quickly. Uses hardware resources more efficiently, but can drop legitimate connections.
  • Conservative – Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.
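The state types, per-source limits and optimization profile listed above map onto pf.conf syntax as follows. This is an added, constructed example, not Atlantic.Net's configuration; it assumes the appliance accepts stock OpenBSD pf.conf rules, and every interface name, address and table name in it is hypothetical.

```conf
# Constructed pf.conf fragment (added example, not the provider's config).
# All macros, addresses (RFC 5737 documentation ranges) and tables are hypothetical.

ext_if  = "em0"               # WAN-facing interface
web_srv = "192.0.2.10"        # hosted web/application server
db_srv  = "192.0.2.20"        # hosted database server
app_net = "198.51.100.0/24"   # client range allowed to reach the database

table <abusers> persist       # sources that exceeded their connection limits

# State table optimization: normal | high-latency | aggressive | conservative
set optimization conservative

# Default deny; sources already in <abusers> are dropped first.
block in log on $ext_if all
block in quick on $ext_if from <abusers>

# Synproxy state: pf completes the TCP handshake with the client before
# contacting the server, so spoofed SYN floods never reach it.
#   max-src-conn       simultaneous established connections per source
#   max-src-conn-rate  new connections per source (15 in any 5 seconds)
#   overload/flush     offenders go into <abusers>; their states are killed
pass in on $ext_if inet proto tcp to $web_srv port 443 \
    synproxy state (max-src-conn 100, max-src-conn-rate 15/5, \
                    overload <abusers> flush global)

# Modulate state (TCP only): pf substitutes strong Initial Sequence Numbers.
#   max              total states this rule may create
#   max-src-states   states per source host
#   tcp.established  idle timeout (seconds) for established connections
pass in on $ext_if inet proto tcp from $app_net to $db_srv port 5432 \
    modulate state (max 500, max-src-states 20, tcp.established 3600)

# Keep state: the default, valid for every protocol (written out for clarity).
pass out on $ext_if inet proto { tcp udp } from { $web_srv $db_srv } keep state

# No state: each direction needs its own rule because replies are not
# matched against a state entry. Rarely the right choice.
pass in  quick on $ext_if inet proto icmp to $web_srv \
    icmp-type echoreq no state
pass out quick on $ext_if inet proto icmp from $web_srv \
    icmp-type echorep no state
```

Checking the file with `pfctl -nf` parses it without loading the rules, and `pfctl -t abusers -T show` lists the sources that tripped the overload limits.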

Last but certainly not least, our dedicated firewalls are connected to a management service that’ll help you ease the burden of monitoring.

This management service allows us to help you implement switches that can be used to set up encrypted VPN connections (we support OpenVPN, IPsec, and PPTP by default) to and from your hosted servers. HIPAA compliance requirements are kept central to the entire process, from management to maintenance to troubleshooting. It’s efficient, too - we realize that your time is important, so we stay with you every step of the way to make compliance a breeze.


All Atlantic.Net clients by default have access to our Network Address Translation Utility, designed to allow them to quickly and easily shape how their network functions. It features easy configuration for port forwarding (including ranges and the capacity to support multiple public IPs), outbound NAT, and advanced load balancing for both inbound and outbound connections. Integrated with the firewall appliance, it can be readily set up with full redundancy thanks to pfsync and CARP from OpenBSD.

HIPAA Managed Backup

The rapid growth of data, shrinking backup windows and budgets, scaling issues, and multiplatform environments currently in place in the healthcare industry all present significant challenges for server administrators. Atlantic.Net's experts can help, whether you're looking to back up your HIPAA compliant cloud hosting servers or your HIPAA compliant dedicated servers. Through our powerful Server Backup Manager - a fast, affordable platform for both Linux and Windows - we perform backups either daily or in real-time for each of our HIPAA clients, whichever they request. Incremental backups are done at the block level for advanced speed, and HIPAA hosting clients have full control over when, where, and how their data is stored. Data is by default kept in our HIPAA compliant SSAE 18 SOC 1 SOC 2 (formerly SSAE 16) data center, secured through on-site measures along with a suite of powerful and robust HIPAA compliant security software.

In addition to a host of customization options, the hosting backup platform is also equipped with robust monitoring tools, portable backups, point-in-time snapshots, and the ability to perform a bare-metal restore at any point in time. We support HIPAA compliant backups for the majority of virtualized platforms, as well as a wide range of SQL servers and databases.

HIPAA-Compliant Web Hosting

Atlantic.Net provides highly available and faster HIPAA Compliant Web Server Hosting for faster load times, reliability, better security, and minimal risk of crashing. We support IIS, Nginx and Apache.

HIPAA-Compliant Storage Hosting

Atlantic.Net delivers HIPAA Compliant Storage Hosting for clients looking for stability, security and compliance backed by industrial grade solutions. Atlantic.Net HIPAA storage hosting solutions are ideal for running mission-critical applications and storing a large amount of user-generated data, media files, and data that requires encryption.

HIPAA Hosting Features

  • Business Associate Agreement (BAA)
  • 24/7/365 Phone, Chat, and Email Support
  • Fully Managed Firewall
  • Intrusion Detection System
  • IP Reputation
  • Blended Bandwidth
  • Linux & Windows Servers
  • Highly Available Infrastructure
  • Anti-Malware Protection
  • Vulnerability Scanning
  • Encrypted Backup, Storage, & VPN
  • Log Management System

SOC 1 & SOC 2

Service Organization Control

Ensures internal controls and best practices for physical security, availability, processing integrity, confidentiality, and privacy.

HIPAA Audited

Ensures that our processes, policies, facilities, and hosting solutions comply with the latest HIPAA Audit Protocols.

HITECH Audited

Stringent testing that continues to expand to comply with HITECH Act policies and protocols.

Dedicated to Your Success

"After evaluating a range of managed hosting options to support our data operations, we chose Atlantic.Net because of their superior infrastructure and extensive technical knowledge."

Jason Coleman

VP of Information Technology, Orlando Magic

"Atlantic.Net’s support for Windows Server Containers in their cloud platform brings additional choice and options for our joint customers in search of flexible and innovative cloud services."

Erin Chapple

General Manager for Windows Server, Microsoft Corp.

Contact Us

Share your vision with us and we will develop a hosting environment tailored to your needs!

Contact an advisor at 888-618-DATA (3282) or fill out the form below.

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4