Atlantic.Net Blog

Do I Need to Be HIPAA Compliant?

Editorial Team
by Atlantic.Net (263 posts) under HIPAA Compliant Hosting
  • Who Needs to Be Compliant?
  • The Role of the Healthcare Clearinghouse
  • Interviewing Business Associates
  • Making Strong HIPAA Choices

Who Needs to Be Compliant?

Business associates are a catch-all group that includes any company performing a service for covered entities that exposes it to protected health information (electronic health records or other data). Covered entities include health care providers, health care plans, and health care clearinghouses. If you are a covered entity or business associate, you need to be compliant with the Health Insurance Portability and Accountability Act.

HIPAA Health Care Provider Definition

A HIPAA health care provider is an organization or individual that provides health care services and processes PHI in digital form. Examples include doctors, chiropractors, and pharmacies.

Health Care Plan Definition

A health care plan is a program set up for a person or business (such as an employer) that pays health care expenses. Examples include health insurance firms and Medicare.

Health Care Clearinghouse Definition

What is a healthcare clearinghouse? These companies convert nonstandard health data into standard health data or vice versa.

A healthcare clearinghouse can be “a public or private entity, including a billing service, repricing company, community health management information system or community health information system, and ‘value-added’ networks and switches,” explained Ohio law firm Bricker & Eckler LLP.

If you are unsure whether or not you fit one of those definitions, you can complete a short Q & A from the federal government.

The Role of the Healthcare Clearinghouse

People are often unfamiliar with that third category, the clearinghouse. It essentially serves as a “middleman” that sends claim data from a provider (such as a clinic) to a payer (such as an insurance company). One of the primary activities conducted by health care clearinghouses is claims scrubbing, which checks the claim for possible mistakes and makes sure it is formatted correctly for reading by the payer’s system.

“The clearinghouse also checks to make sure that the procedural and diagnosis codes being submitted are valid and that each procedure code is appropriate for the diagnosis code submitted with it,” said For Dummies. “The claim scrubbing edit helps prevent time-consuming processing errors.”

Interviewing Business Associates

The first business associates were getting audited in 2015. Your choice of a business associate should now focus even more on credibility since HITECH essentially means broader responsibility: your tech partners and others can now receive penalties as well.

Here are several questions that were recently asked of us by a company thinking about switching to our HIPAA server hosting environment.

Healthcare client:

What is your business continuity plan for HIPAA?

HIPAA hosting specialist:

Please see our business continuity plan attached.

Healthcare client:

What is your backup plan for HIPAA?

HIPAA hosting specialist:

We provide Fully Managed Daily Encrypted Backup for all files and databases on separate Encrypted Storage Nodes. Other information is listed in the attached.

Healthcare client:

Is there any difference between regular data centers and HIPAA-compliant data centers? Please tell me why it is different.

HIPAA hosting specialist:

A HIPAA compliant Data Center has been audited for HIPAA and HITECH compliance.

Healthcare client:

What is your emergency plan? Do your technicians stand by 24/7?

HIPAA hosting specialist:

We operate a 24 X 7 X 365 Live Engineering support environment.

Healthcare client:

What is your plan to prevent data leakage? Like USB leakage (Both data center & our office).

HIPAA hosting specialist:

The documents I have attached cover this question. We are not involved in the customer’s HIPAA compliance in their office environment. This requires that the customer contract with a HIPAA consultant.

Healthcare client:

According to your website, you are HIPAA compliant, but is there any proof of evidence? (certification/audit)

HIPAA hosting specialist:

The documents I have attached include HIPAA certification.

Healthcare client:

As far as my understanding, virtual server hosting has some problems with HIPAA’s security rules. Is it safe to put our data into a virtual server?

HIPAA hosting specialist:

We will not issue a BAA based on the use of a Public Cloud / private cloud hosting environment (including our own). That does not mean that you cannot create a Private Virtualized environment by using Private Dedicated Server Hardware containing multiple private cloud servers.

Healthcare client:

What is the price for HIPAA compliant Windows Cloud Hosting? (access from only one location)

HIPAA hosting specialist:

With 1 TB of Self-Encrypted Storage, it is $xxx per month on a 12-month agreement with no setup fee.

Making Strong HIPAA Choices

HIPAA audits are on the rise, with the DHHS reportedly ready to crack down on any violations. Violations and settlements aren’t just expensive and distracting. They can also be a publicity nightmare since any data compromises affecting 500 people or more must be reported to a major media outlet.

Whatever your technical requirements, Atlantic.Net offers the industry-leading HIPAA Compliant hosting solution, audited by a fully qualified and independent third party, among many other service options to support healthcare hosting. We also offer HIPAA webhosting.

By Moazzam Adnan
