Atlantic.Net Blog

HIPAA Compliant Dedicated Server – A Real World Scenario – Part 2


<<< Continued from Part 1

Consultant (continued): By adding the second server, we also had to increase the cost of the daily backup since there is more storage involved. I also had to double the number of Trend Micro Deep Security licenses. I added 8 more IPs, but the IPs are free. You will now have 16 for the two servers. I also added another ( 5 ) VPNs at no extra charge. The updated proposal is attached and summarized below:

1.) One Fully Managed Hardware Firewall with ( 10 ) Managed VPNs / Intrusion Detection System with Log Monitoring and Log Management.
2.) Two servers with the following specs:

  • Dual Hex Core Xeon E5-2620V2 2.1 GHz w/ HT Processors
  • 24 Logical Cores per Server
  • 16 GB of RAM (expandable to 128 GB of RAM per server)
  • 2 X 240 GB SSD Cachecade Hard Drives
  • 4 X 4 TB SATA ES3 Enterprise Hard Drives – RAID 5, 6 or 10
  • LSI Hardware RAID Card
  • Hot-Swappable Bays
  • Dual Power Supplies
  • IPMI (intelligent platform management interface).

3.) Fully Managed Daily Backup for all the Storage Space on the two servers
4.) 20 TB of Monthly Data Transfer, with a 1 Gbps Port
5.) Trend Micro Deep Security
6.) 16 Total Static IPs.

If you so desire, we can virtualize the servers by using Hyper-V. Windows Standard Edition allows ( 2 ) VMs per server. We will set up the VMs for you when we first deploy the servers if you wish to virtualize.

Also, our controller sent you an email this morning concerning your request for a HIPAA audit report. Please contact me if you have any questions concerning the email that he sent you or regarding this proposal.

Client: Thank you for the details. I will be discussing your proposal with my management shortly. I have a few questions first, though:

  1. How many hard disks can be added to each server?
  2. What is the monthly charge for each additional TB of data transfer?

Consultant: Great. Here are the answers to your questions:

  1. You can add ( 2 ) more 4 TB hard drives to each server.
  2. The charge is $0.05 per month per GB for overages. You would have to exceed the 20TB of data transfer in a 30 day period to incur the overage charge.

Client: Hi – a few more questions:

  1. If the data storage exceeds the maximum capacity of all 8 hard drives, can you add an additional external storage device? What would be the cost per TB?
  2. Can you provide a Vulnerability Scan report?

Thank you.

Consultant: Okay, in response to your questions:

  1. It is possible to add external storage, and the pricing is dependent on how much storage is required. We do not offer an On-Demand Storage solution, so I can only provide you with pricing based on the amount of total storage you wish to establish.
  2. That is part of the Intrusion Detection System that is included in the proposal we presented to you.

Client: Great that is all the information I need. I appreciate your answering all my questions so promptly. Once I speak with my management, what’s the next step?

Consultant: You’re welcome. If you decide to move forward, please sign the BAA and send it back to us. Thank you for choosing Atlantic.Net. Let us know if you have any additional questions.

Key terms

Here are basic explanations for several of the key terms used in the above discussion:

Business Associate Agreement (BAA): A business associate agreement is a contract required under HIPAA between a covered entity – a healthcare provider, health plan, or clearinghouse – and a business associate – any outside organization that creates, receives, stores, or transmits protected health information (PHI) on the covered entity’s behalf, such as a hosting provider. The document stipulates each party’s responsibilities: what the associate may do with PHI, the safeguards it must maintain, and how it must report a security incident or breach. In the scenario above, signing the BAA is the step that formally places the hosting provider under these obligations.

Trend Micro Deep Security: Deep Security is a host-based server protection product from Trend Micro Inc., a security software company founded in Los Angeles, California, with global headquarters in Tokyo, Japan, an R&D center in Taipei, Taiwan, and regional headquarters in Asia, Europe, and the Americas. The product runs as an agent on each physical or virtual server and provides anti-malware, a host firewall, intrusion prevention, file integrity monitoring, and log inspection. Because it is licensed and installed per host, the proposal above doubles the license count when the second server is added; it complements, rather than replaces, the separate managed hardware firewall and network intrusion detection system listed as item 1.

RAID: Short for redundant array of independent disks, RAID is a standardized technique for combining several HDDs (hard disk drives) or SSDs (solid-state drives) into one logical volume so that the volume survives a drive failure. The levels offered in the proposal differ in how they achieve this: RAID 10 mirrors data across pairs of drives, while RAID 5 and RAID 6 spread data and parity across all drives, tolerating one (RAID 5) or two (RAID 6) simultaneous drive failures. The choice trades usable capacity against fault tolerance, and with the hardware RAID card and hot-swappable bays above a failed drive can be replaced without taking the server down. RAID is not a backup: it does not protect against deletion, corruption, ransomware, or loss of the whole server, which is why the proposal also includes a managed daily backup.

SLA: Short for service level agreement, an SLA defines the service levels – such as uptime, support response times, and the remedies owed if they are missed – with which a web hosting provider or similar third-party supplier commits to serve its clients, such as our 100% uptime VPS Hosting commitment.

Offering IT solutions to healthcare organizations since 1994 – with specialized compliance strategies first developed in 2009 – Atlantic.Net is prepared to meet your organization’s needs. Please review our HIPAA Compliant Hosting Master Index for an organized menu of our various materials related to this subject.
