Atlantic.Net Blog

Commonly Asked Questions and How-To’s About HIPAA Compliance: Part 2

Sam Guiliano
by Atlantic.Net (86posts) under HIPAA Compliant Hosting

hippo compliance humor

Below is the conclusion of our two-part series covering HIPAA compliance, so that healthcare plans, providers, and clearinghouses have ample information. We continue by addressing the remainder of six common questions, followed by a couple of “snapshot tutorials” that address the needs of those preparing to deploy HIPAA Compliant systems.

5. What is the monthly cost of HIPAA compliant servers?

A HIPAA compliant Server is available in a wide range of prices throughout the industry. A brief description of our affordable dedicated server packages will provide a sense of the basic technologies involved and the monthly price for their use. Note that if you need multiple servers, you can divide a dedicated server into several private cloud servers, which maintains your compliance while lowering your cost.

As with any type of hosting, the two primary operating systems used for HIPAA compliant environments are Linux and Windows. Of course, healthcare companies don’t always have the same needs, but the following technologies – with security features discussed separately – are included in our standard “starter” packages for each type of OS (within a fixed monthly plan, based on a 24-month agreement):

  • Dedicated Server – Core I3-3220 Dual Core 3.3 Ghz w/HT
  • 4 GB of RAM
  • 160 GB of Storage
  • 10 TB of Monthly Data Transfer with a 100 Mbps Port
  • 2 IP Addresses.

The following security features are included standardly in these packages (whether the Linux or Windows variety) as well:

  • Total Private Hosting Environment
  • Intrusion Detection System (IDS)
  • Managed Firewall
  • ( 5 ) Virtual Private Networks (VPNs).

Each system also includes a Business Associate Agreement (BAA), a contract described in the HIPAA legislation that stipulates our roles and responsibilities as a business associate (third party) handling data for a covered entity (healthcare organization).

The monthly price for the Linux system is $260.36 USD, while the monthly price for a Windows system is $275.69 USD. Trend Micro Deep Security and SSL certificates (GeoTrust) are available separately through our sales team.

6. How much should I pay for a HIPAA app server?

The above scenario (question #5) should give you an idea of a base price, and you could run a compliant application within either of those OS environments. An application server can be either dedicated or virtual (one of a few cloud servers – as detailed below). The fundamental concern is that the system should be 100% private and protected by the security tools listed above.

The standard design of a HIPAA virtual environment includes the following three machines: Web server, database server, and application server. You could also choose to have individual dedicated machines serve each of those functions, although that would be costlier. Due to the need for a total private environment, the starting price will be the same as is listed above: $260.36 USD for Linux, $275.69 USD for Windows (see question #5 for details of the system and further pricing parameters).

Two Snapshot Tutorials

1. How to make a HIPAA compliant website

If you want your website to be HIPAA compliant, you simply need to protect all your data (specifically the protected health information, or PHI) with today’s standard security technologies. The best path is the following:

  • Sign a business associate agreement (BAA) with a trusted hosting provider (see “Choosing a provider” below).
  • Create your hosting environment so that the developer can have immediate access to install applications, upload files, test usability, and perform other tasks. The hosting environment must include secure sockets layer (SSL) certificates, encrypted virtual private networks (VPNs), a dedicated firewall, two-factor authentication, a managed intrusion detection system with log management, and anti-virus protection.
  • Many healthcare companies prefer to use a 100% Windows environment for compatibility and proprietary maintenance with updates and security patches. Linux is popular as well though, due to control and continual optimization via an open source community. The typical basis for development within a Linux environment is a LAMP stack – a bundle of software containing Linux (operating system), Apache (Web server), MySQL (database), and PHP (coding language) – with general administrative control through cPanel or an alternative.

2. How to become HIPAA compliant with software

To ensure that all your software is compliant with HIPAA, your concern is essentially the same as when building a website (see #1 above): making sure that the patient data – the PHI (protected health information) – is fully secured. Your basic steps are as follows:

  • Sign a business associate agreement (BAA) with a trusted hosting provider (see “Choosing a provider” below).
  • Create your hosting environment, which must include secure sockets layer (SSL) certificates, encrypted virtual private networks (VPNs), a dedicated firewall, two-factor authentication, a managed intrusion detection system with log management, and anti-virus protection.
  • Begin development. If the software is already in place, migrate your application and related data into the system – using secure protocols so that the PHI is safeguarded throughout.

Choosing a provider

When you select a HIPAA hosting service, it is wise to choose one that is both experienced and has been validated by a reputable independent certification organization. Atlantic.Net has been in business for 20 years, specializing in healthcare compliance for the last 5 years. We own and operate a data center in Orlando, Florida, that is audited to meet the SSAE 16 Type II standard established by the American Institute of CPAs (AICPA).   We also offer a private Cloud Server with 100% uptime guarantee.

Start Your HIPAA Project with a Free Fully Audited HIPAA Platform Trial!

HIPAA Compliant Compute & Storage, Encrypted VPN, Security Firewall, BAA, Offsite Backups, Disaster Recovery, & More!

Start My Free Trial

Looking for HIPAA Compliant Hosting?

We Can Help with a Free Assessment.

  • IT Architecture Design, Security, & Guidance.
  • Flexible Private, Public, & Hybrid Hosting.
  • 24x7x365 Security, Support, & Monitoring.
Contact Us Now!
Stevie Gold Award Med Tech Award

SOC Audit HIPAA Audit HITECH Audit

Case Studies

White Papers


HIPAA Partners

Recent Posts

Get started with 12 months of free cloud VPS hosting

Free Tier includes:
G2.1GB Cloud VPS Server Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4


London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom