HIPAA Cloud Hosting

Trusted By

Our Clients

HIPAA Cloud Hosting

We provide a secure and affordable HIPAA cloud hosting environment that only you can access; you’ll have access to all the benefits of cloud hosting with none of the risks. Our HIPAA Cloud Hosting has been audited and certified by an independent third party against the HIPAA Security Rule for HIPAA compliance

Custom Windows & Linux
HIPAA Cloud Hosting Get a Quote

vCPU Up to 112 vCPUs

RAM Up to 2 TB of RAM

SSD Disk Up to 12TB of SSD

Storage Redundancy RAID 10

IP Addresses IPv4 and IPv6, Private and Public

Monthly Bandwidth Up to 10Gbps

VPN's included

Cloud Server Management included

Intrusion Detection included

Anti-Malware included

Network Security included

Log Inspection included

Integrity Monitoring included

Managed Backup included

Managed Firewall included

Encrypted Data At Rest Included

Get Started

HIPAA-Compliant Cloud Hosting

You could be forgiven for thinking the cloud isn’t secure enough for healthcare - there’s plenty of paranoia about the safety of cloud hosting, after all. You needn’t worry, though. We’ll provide your healthcare firm with an ultra-secure private cloud that only you can access; you’ll have access to all the benefits of cloud hosting with none of the risks.

We’ve taken the following security measures to make sure our cloud is as ironclad as possible:

  • A fully-managed firewall that prevents unauthorized network access
  • A robust Intrusion Prevention system to root out specific breach attempts
  • A virtual private network (VPN) to encrypt data moving into or out of the system via SSL certificates and other technologies.

Beyond security, we understand that healthcare organizations desire quick, efficient, and effective support. We’re more than up to the task of providing just that. All Atlantic.Net clients have access to 24/7 phone and email support.

HIPAA-Compliant Cloud Hosting - Is It Possible to Protect PHI in the Cloud?

HIPAA Compliant Cloud Hosting

HIPAA Compliant Cloud Hosting

The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to compliance.

A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server.  An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers.  The hypervisor layer can determine the precise size and location of the server VMs or “instances” loaded onto it since it provides separation from the physical limitations of each piece of hardware.  As we will explore below, this can benefit organizations through increased agility and automation.

HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines.  Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act.  Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.

Fortunately, virtualized environments can not only be HIPAA-Compliant quickly but can make compliance easier.

There are different kinds of hypervisors, and the most appropriate for any given health care organization depends on the organization's needs and other IT tools.  What is common to each one is that the isolation and abstraction of the VMs they create give them robust access, security, and privacy compliance capabilities. Each VM set up by the hypervisor is self-contained, and keeps its data isolated from any other VMs and their data.  An Introduction to Virtualization[V] offered by Intel Developer Zone puts it this way:

"Virtual machines are essentially isolated from one another in the same way that two physical machines would be on the same network. A virtual machine’s running operating system has no knowledge of other virtual machines running on the same machine.

This enables even VMs with different operating systems to run simultaneously on the same hardware.  The separation the hypervisor provides between the instance and the physical server makes the system “agile.”  It allows virtualized servers to be moved, for example, in the case of a hardware failure, which keeps whatever function is being “served” working. The hypervisor also manages the hardware resources available to it to run an organization's VMs as efficiently as possible and to scale to maintain availability when demand on the network is high.

There are three hypervisors available to Atlantic.Net customers: Proxmox, Hyper-V, and Cloud.

Proxmox

An open-source alternative based on the Linux Kernel Virtual Machine (KVM), Proxmox is managed with a web graphical user interface (GUI) and is known for solid performance and flexibility.  It works reliably with different operating systems, but also supports different storage options[VI], including Linux containers.  Any storage type used can be accessed only through the hypervisor layer, allowing access restrictions compliant with HIPAA's Title II and HITECH rules.

HIPAA VM hypervisor

When set up in a server cluster or utilizing “shared” storage, Proxmox allows live migration of running machines.  This makes the system agile enough that maintenance or updates necessary to keep the virtual server compliant from a security perspective can be performed without downtime, preserving compliance with the availability rules of HIPAA's Title I.  First released publicly in 2008, Proxmox is updated about every six months.  It is built to work flexibly with a variety of different products, rather than those from a particular company like Microsoft as is the case with Hyper-V, which could make Proxmox a better fit for some organizations.  Proxmox sometimes requires IT teams to use the command line, which for some, may not be ideal.

Hyper-V

Microsoft's Hyper-V is designed for Windows server and desktops, making it a popular choice for organizations that predominantly use Windows.  Unlike Proxmox, Hyper-V uses proprietary storage technologies[VII].  The separation and control of access through the hypervisor layer is very similar, however, as is support for live migration.  As with Proxmox, this keeps data in a securely isolated environment to maintain compliance with rules for fraud, abuse, and privacy, while also enabling the constant access and portability HIPAA requires.

Hyper-V includes “dynamic memory management,” a feature making it easy to scale up the number of virtual machines in use.  It also features Windows Active Directory for security and access management.  Organizations considering Hyper-V should be aware that it tends to work best with the latest version of Windows, though it also works with other operating systems, including Linux and FreeBSD[VIII].  Hyper-V was originally launched with Windows Server 2008, and Microsoft maintains it with frequent updates.

Cloud

Atlantic.Net's Cloud Hosting environment is based on Linux KVM, much like Proxmox.  Data is therefore isolated in the same way, on an abstracted hardware layer available only via the hypervisor.

Cloud environments allow customers fine-grained control to pay only for the resources they use and scale up those resources to meet increases in demand.  It is, therefore, an efficient and economical solution for organizations with high variations in IT workload.  Atlantic.Net launched its first cloud servers in 2010 and has been steadily expanding the service since.

Software Secures Borders, Physical or Virtual

Just as the software borders between VMs are like the hardware boundaries between physical machines, the tools that secure a network against malicious traffic are similar.  Traffic should be controlled with a firewall, all the elements of the site should be secured with two-factor authentication, and off-site backups must be maintained to meet the Title I standard of accessibility.  Those and all of the other necessary features for HIPAA compliance in a server[IX] can be met with the appropriate implementation of any virtual environment from Atlantic.Net.

HIPAA HITECh Virtual Private Cloud

Regularly scheduled, automated backups are available or included with all Atlantic.Net virtualized environments, making continuous compliance not only possible but easier.  Healthcare organizations can also provide auditors with automatically generated logs of network traffic created by either KVM or Hyper-V, easily demonstrating the security and privacy necessary for Title II and HITECH compliance.

Every healthcare organization needs to follow security and compliance best practices, and partner with an IT provider they can trust to deliver compliant services, regardless of the network environment.  Fortunately, this means the flexibility, logging, automated backups, and other features of virtualized environments are an option for all.

Atlantic.Net's Managed Solutions

Atlantic.Net is a leader in HIPAA-Compliant Hosting. With plans tailored to fit your needs and a dedicated round-the-clock support staff, we are ready to help you implement HIPAA. We have both traditional Dedicated Hosting HIPAA plans and also Managed Cloud HIPAA solutions. Our Atlantic.Net Managed Firewall and IDS (intrusion detection system) come included, along with daily backups and 24/7 monitoring.

If your organization has avoided or delayed moving HIPAA workloads to a virtualized environment out of compliance concerns, it is likely worth reconsidering the option. Contact our knowledgeable sales team today by phone 1.800.521.5881 or email [email protected] for information about our HIPAA Hosting and Manage Cloud solutions today!


[I] http://healthitsecurity.com/news/healthcare-cloud-security-concerns-not-impediment-to-usage[II] https://www.hhs.gov/hipaa/for-professionals/special-topics/HITECH-act-enforcement-interim-final-rule/index.html?language=es [III] https://www.ama-assn.org/practice-management/hipaa-violations-enforcement [IV] http://www.darkreading.com/threat-intelligence/healthcare-suffers-estimated-$62-billion-in-data-breaches/d/d-id/1325482 [V] https://software.intel.com/sites/default/files/m/d/4/1/d/8/An_Introduction_to_Virtualization.pdf [VI] http://pve.proxmox.com/wiki/Storage_Model [VII] https://technet.microsoft.com/en-us/library/dn610883(v=ws.11).aspx [VIII] https://technet.microsoft.com/en-us/library/mt126277(v=ws.11).aspx [IX] https://www.atlantic.net/blog/hipaa-compliant-hosting-requirements-easy-solution-oriented-checklist/
SOC 1 & SOC 2

Service Organization Control

Ensures internal controls and best practices for physical security, availability, processing integrity, confidentiality, and privacy.

HIPAA Audited

HIPAA Audited

Ensures that our processes, policies, facilities, and hosting solutions comply with the latest HIPAA Audit Protocols.

HITECH Audited

HITECH Audited

Stringent testing that continues to expand to comply with HITECH Act policies and protocols.

Business Associate Agreement (BAA) Available With All HIPAA Hosting Plans

HIPAA Hosting Features

Business Associate Agreement

Business Associate Agreement

24/7/365 Phone, Chat, and Email Support

24/7 Phone, Chat, & Email Support

Fully Managed Firewall

Fully Managed Firewall

Intrusion Detection System

Intrusion Detection System

IP Reputation

IP Reputation

Blended Bandwidth

Blended Bandwidth

Linux & Window Servers

Linux & Window Servers

Highly Available Infrastructure

Highly Available Infrastructure

Anti-Virus Protection

Anti-Malware Protection

Vulnerability Scans

Vulnerability Scans

Encrypted Backup, Storage, & VPN

Encrypted Backup, Storage, & VPN

Log Management System

Log Management System

Our Technology Partners

HIPAA Partners

Dedicated to Your Success

Jason Coleman

Jason Coleman

VP of Information Technology, Orlando Magic

"After evaluating a range of managed hosting options to support our data operations, we chose Atlantic.Net because of their superior infrastructure and extensive technical knowledge."

Erin Chapple

- Erin Chapple

General Manager for Windows Server, Microsoft Corp.

"Atlantic.Net’s support for Windows Server Containers in their cloud platform brings additional choice and options for our joint customers in search of flexible and innovative cloud services."

Contact Us

Share your vision with us and we will develop a hosting environment tailored to your needs!

Contact an advisor at 888-618-DATA (3282) or fill out the form below.

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

Resources

We use cookies for advertising, social media and analytics purposes. Read about how we use cookies in our updated Privacy Policy. If you continue to use this site, you consent to our use of cookies and our Privacy Policy.