HIPAA Compliant Server Hosting

Firewall is actually a kind of broad term. It refers to a hardware or software system (i.e., physical component or an app) that is used to secure a network, via a set of rules that control the traffic that’s entering and exiting it.

The hardware/software distinction is just one way to categorize firewalls, though. As indicated in the US Department of Commerce’s NIST firewall guidelines (Special Publication 800-41), and as expanded by TechTarget, five primary types of firewalls are application-level gateways (proxies), circuit-level gateways, multilayer inspection firewalls, packet-filtering firewalls, and stateful inspection firewalls.

An encrypted VPN is technology that essentially creates a tunnel between two devices (typically the server and the client). The data is encrypted entering the tunnel and decrypted as it exits it.

There are a couple of standard encryption protocols for VPNs other than SSL, IPsec (Internet Protocol Security) and GRE (generic routing encapsulation). GRE gives you a framework with which you’re able to package and transport via IP.

Offsite backups are a security tactic and disaster recovery technique that means data, and in some cases software, is being stored at a remote location from the company. Offsite backups are also called offsite data backups or offsite data protection – albeit, the latter really denoting the safeguards of the external environment. Offsite backups are simply a distribution or diversification method to prevent total loss of your valuable ePHI (electronic protected health information).

Multifactor authentication, which goes by MFA, is a security check that uses two different forms of authentication to confirm the identity of the user. MFA is a stronger evolution of SFA (single-factor authentication), which only authenticates in one manner, usually via a password matching the username provided.

What's meant by a private hosted environment is your servers are reserved solely for your use. That’s the key point and refers to Atlantic.Net’s Cloud Hosting or dedicated hosting servers.

In a private hosted environment, the data is all in its own place, so it is not being shared or intermingled with the information of other apps or hosting users.

Atlantic.Net trusts and utilizes DUO for Multifactor authentication.

An SSL (secure sockets layer) certificate is software that creates encryption of data during transmission and validates ownership of the certificate to varying degrees.

Groups called certification authorities (CA’s), which typically have very high reputations for security, issue these certificates.

SSL certificates come in three main levels of validation: domain validation (DV), organization validation (OV), and extended validation (EV). All certs create https protocol and a lock icon, along with brief information available to all web users. EV is represented by the green address bar indicators in all major browsers. SAN certificates and wildcards certs are other types.

SSAE 18 certification entails an official review and audit that verifies you are meeting all parameters of Statements on Standards for Attestation Engagements No. 16, a standard developed by the AICPA (American Institute of Certified Public Accountants) via its ASB (Auditing Standards Board).

This standard provides guidance on best practices through which organizations can report on their compliance control, as gauged through a formal audit.

In addition, HIPAA and HITECH Audits are also growing. Here at Atlantic.Net, our infrastructure is not only SOC 2 TYPE II and SOC 3 TYPE II certified but also fully audited for HIPAA and HITECH compliance. These audits are conducted on an annual basis through a third party independent auditor, who verify and attest to controls, checks and balances of the infrastructure, as it relates to logical and physical controls and security.

A HIPAA business associate agreement is a legal contract between a HIPAA covered entity and business associate, as defined via the US Health Insurance Portability and Accountability Act of 1996. These agreements safeguard ePHI (electronic protected health information), which is the sensitive personal data and records of patients.

Covered entities are healthcare providers, plans, and data clearinghouses, while business associates are any organization doing business with covered entities in a manner that involves ePHI.