HIPAA Storage Hosting Solutions

HIPAA Compliant Cloud Storage Hosting Solutions

Atlantic.Net specializes in HIPAA Compliant Cloud Storage Hosting Solutions. Our infrastructure is fully audited and compliant with HIPAA and HITECH requirements. We provide not only cost-effective online cloud storage, but also an enterprise level storage area network (SAN) for your mission critical data. Your organization can host on a Dedicated or Cloud storage platform – Atlantic.Net can provide the best online solution that fits your needs.

HIPAA Cloud Storage Solutions

Our HIPAA cloud storage is a cost-effective file storage and sharing option for growing organizations that are looking for powerful infrastructure within a reasonable budget. Our HIPAA compliant cloud storage is ideal for mission-critical applications without compromising speed, security and reliability; it’s ideal for storing large datasets, file transfer, file storage, online storage, imaging, and information that requires encryption.

Why Choose Atlantic.Net HIPAA Compliant Data Storage?

  • HIPAA-Compliant: We are HIPAA audited and certified by an independent third-party auditing firm.
  • HITECH-Compliant: We are HITECH audited and certified by an independent third-party auditing firm.
  • We sign Business Associate Agreements.
  • Full line of Managed Security Services for ultimate protection.
  • World-class data center infrastructure.
  • Tested and trusted since 1994.
  • Award-winning service, backed by “High Touch” approach.


HIPAA Data Storage Requirements - HHS bottom-line needs for HIPAA compliant data storage

First know that the Cloud Computing Guidelines from the HHS state explicitly that cloud computing can be used for HIPAA compliant platforms: “[W]hile a covered entity or business associate may use cloud-based services of any configuration (public, hybrid, private, etc.), provided it enters into a BAA [(business associate agreement)] with the CSP [(cloud service provider)], the type of cloud configuration to be used may affect the risk analysis and risk management plans of all parties and the resultant provisions of the BAA.”

Along with its reference to the need for a prudent BAA, the HIPAA rules also point to the importance of the service level agreement (SLA) to focus on data backup and disaster recovery; reliability and availability; limitations related to use or disclosure; how data will be transferred back to the customer if they depart; and adherence to required security precautions. Guidelines for the last element are within the Security Rule (part of HIPAA Title II, the Administrative Simplification Provisions).

If you want to abide by the Security Rule and properly protect the data, the cloud platform you choose should encrypt data whether it is in-transit or at-rest. Encryption uses a standardized algorithm to encode data so that it cannot be viewed by unauthorized parties. Industry best practices support the implementation of publicly available algorithms, in conjunction with private keys. The private key decrypts the information and makes it readable. While the protection of in-transit data is also crucial to HIPAA cloud storage, this piece focuses on the treatment of at-rest data.

At-rest encryption: centerpiece of HIPAA-compliant cloud storage

HIPAA compliant cloud storage encrypts at-rest data automatically, with no action needed from the customer. Protocols that abide by industry standards should encrypt data before it is stored on the disk. Specifically, the data should be encrypted with the 256-bit Advanced Encryption Standard (AES-256), which is notably the only publicly available encryption cipher that can be used for the transfer of top-secret files, according to the National Security Agency (NSA).

HIPAA Compliant Encryption: Advanced Encryption Standard 256-bit (AES-256)

Before data is saved and written to the HIPAA compliant data storage system, it should be broken up into pieces and spread throughout the system. That way a malicious party would need to gather all those pieces, along with applicable private keys, in order to access the data.

Controls on the encryption key should ensure that only authorized users, and only during permissible times, can access the data.

The best HIPAA compliant cloud storage specifically approaches encryption with a 512-bit key, derived with the SHA-256 hash algorithm and used in XTS-plain64 cipher mode in line with the AES-256 standard. Of the 512 bits, 256 (half) are used for each of two keys (cipher and XTS).

Beyond the encryption applied at the level of the storage software, data should also be encrypted comprehensively at the level of the hardware. Strong HIPAA cloud storage will again use the National Security Agency’s approved encryption protocol, AES-256, with a different key specific to the hardware, to encrypt solid state drives.

The cloud service provider’s system should also encrypt all data for backup, both during transmission and once stored. Each backup should be encrypted with yet another set of keys for the best possible compliance solution.

Managing HIPAA data storage encryption keys

Management of the keys is another primary concern. A key management service (KMS) should be used that utilizes peer-to-peer replication. The KMS is a chief issue because, at a large scale, it can become unmanageable to rapidly encrypt, store, and decrypt data. The KMS that is implemented for the best HIPAA compliant cloud storage serves as a centralized access control while providing simple monitoring and logging.

The KMS will typically have a data encryption key (DEK). These keys are created within the storage system, transmitted to the key management service for encryption using the key encryption key (KEK) of the recipient, and returned to the original system for storage.

In order to decrypt data and make it legible, the HIPAA cloud storage platform takes the encrypted DEK and sends it to the key management service. The KMS authorizes the requesting service for that key; the key encryption key decrypts the DEK, which is sent back to the service; and the service can then use the DEK for decryption.

The keys themselves are encrypted using AES-256. The best HIPAA compliant cloud storage conducts all encrypting and decrypting within its KMS, which bolsters security while streamlining audits through organized tracking.

The key encryption key should be changed routinely, every 3 months. Multiple sets of keys should be stored. The best HIPAA compliant cloud storage uses an active KEK for encryption and formerly active KEK sets for decryption.

Access to the KEK sets should be at the level of each individual key, via a control list. The ability to access keys should be limited to users and services that are authenticated. All requests should be logged.

In order to encrypt and decrypt the KEKs, there should be an overarching master key for the key management service. This master key should be held in RAM. When an instance of the KMS needs to restart, it should get the master key from a peer.

The master key is a top priority for disaster recovery. A HIPAA cloud storage provider should encrypt the key with AES-256 and keep it within a master key management system that is kept off-line in a space with numerous physical security mechanisms in place. No one should need to access the off-line system unless all instances of the KMS have to be restarted at once. Physical access to the off-line KMS should be tightly restricted to just a few individuals.
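The DEK/KEK flow described above, as an added Python example that is not Atlantic.Net's code: a storage service generates a DEK, the KMS wraps it under the active KEK, and after a rotation the former KEK still unwraps older records, with a per-KEK access list and a log entry for every request. `ToyKMS`, `store`, `load` and the service names are hypothetical; the example assumes the third-party `cryptography` package, uses AES-256-GCM as a stand-in for the data cipher, and leaves out the master key that would encrypt the KEKs.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap


class ToyKMS:
    """In-memory sketch of a KMS (hypothetical class and method names)."""
    def __init__(self):
        self.keks = {}    # version -> 256-bit KEK; older versions are decrypt-only
        self.acl = {}     # version -> services allowed to use that KEK
        self.active = 0   # version of the KEK used for new wraps
        self.log = []     # every request is recorded, allowed or not

    def rotate(self, allowed):
        """Create a new active KEK; former KEKs stay available for unwrapping."""
        self.active += 1
        self.keks[self.active] = os.urandom(32)
        self.acl[self.active] = set(allowed)
        return self.active

    def _authorize(self, op, caller, version):
        ok = caller in self.acl.get(version, ())
        self.log.append((op, caller, version, ok))
        if not ok:
            raise PermissionError(f"{caller} may not {op} with KEK v{version}")

    def wrap(self, caller, dek):
        """Encrypt a DEK under the active KEK (AES key wrap, RFC 3394)."""
        self._authorize("wrap", caller, self.active)
        return self.active, aes_key_wrap(self.keks[self.active], dek)

    def unwrap(self, caller, version, wrapped):
        """Decrypt a DEK with the KEK version it was wrapped under."""
        self._authorize("unwrap", caller, version)
        return aes_key_unwrap(self.keks[version], wrapped)


def store(kms, service, plaintext):
    """Storage side: fresh DEK per object; only the wrapped DEK is kept."""
    dek, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    version, wrapped = kms.wrap(service, dek)
    return {"kek": version, "dek": wrapped, "nonce": nonce,
            "data": AESGCM(dek).encrypt(nonce, plaintext, None)}


def load(kms, service, rec):
    """Storage side: have the KMS unwrap the DEK, then decrypt locally."""
    dek = kms.unwrap(service, rec["kek"], rec["dek"])
    return AESGCM(dek).decrypt(rec["nonce"], rec["data"], None)
```

Each stored record carries the KEK version it was wrapped under, which is what lets a rotated-out KEK keep decrypting old data while all new wraps use the active one.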

For the best HIPAA compliant cloud storage, contact us today and we will be happy to design the best HIPAA Compliant File Sharing Solution for you!

Why Use HIPAA-Compliant Cloud Storage?

The best HIPAA-compliant cloud storage is within an infrastructure that encrypts all at-rest data across-the-board, avoiding the costs of data breaches by meeting standards and proving adherence through third-party certifications.

Settlements for the violation of healthcare privacy and security laws outlined within the Health Insurance Portability and Accountability Act of 1996 (HIPAA) were at an all-time high in 2016. A total of $22.9 million was submitted to the HIPAA enforcement agency, the Office for Civil Rights (OCR) of the federal Health and Human Services Department (HHS). The largest settlement ever under the HIPAA law, $5.55 million, was announced in August. There were 6 fines in 2016 that were $2.14 million or more. This trend continued in the new year, with a $5.5 million fine, nearly reaching the record settlement, announced in February 2017.

As you can see, HIPAA compliance is a multi-million-dollar proposition – and it is not just the fines. When you factor in reputational, legal, operational, and other expenses, the cost averages $700 per healthcare data record breached. If 5,000 records are compromised, the expense to a company will typically be about $3.5 million.

To avoid these costs, it is important to know that your HIPAA-compliant cloud storage is meeting the requirements of the federal government related to this technology.

SOC 1 & SOC 2

Service Organization Control

Ensures internal controls and best practices for physical security, availability, processing integrity, confidentiality, and privacy.

HIPAA Audited

Ensures that our processes, policies, facilities, and hosting solutions comply with the latest HIPAA Audit Protocols.

HITECH Audited

Stringent testing that continues to expand to comply with HITECH Act policies and protocols.

Business Associate Agreement (BAA) Available With All HIPAA Hosting Plans

HIPAA Data Storage Hosting Features

  • Business Associate Agreement
  • 24/7/365 Phone, Chat, and Email Support
  • Fully Managed Firewall
  • Intrusion Detection System
  • IP Reputation
  • Blended Bandwidth
  • Linux & Windows Servers
  • Highly Available Infrastructure
  • Anti-Virus / Anti-Malware Protection
  • Vulnerability Scans
  • Encrypted Backup, Storage, & VPN
  • Log Management System

Dedicated to Your Success

Jason Coleman

VP of Information Technology, Orlando Magic

"After evaluating a range of managed hosting options to support our data operations, we chose Atlantic.Net because of their superior infrastructure and extensive technical knowledge."

- Erin Chapple

General Manager for Windows Server, Microsoft Corp.

"Atlantic.Net’s support for Windows Server Containers in their cloud platform brings additional choice and options for our joint customers in search of flexible and innovative cloud services."

Contact Us

Share your vision with us and we will develop a hosting environment tailored to your needs!

Contact an advisor at 888-618-DATA (3282) or fill out the form below.

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada
