HIPAA Compliant Dedicated Server – A Real World Scenario – Part 2

Sam Guiliano
by Atlantic.Net (86posts) under HIPAA Compliant Hosting

<<< Continued from Part 1

Consultant (continued): By adding the second server we also had to increase the cost of the daily backup since there is more storage involved. I also had to double the number of Trend Micro Deep Security licenses. I added 8 more IPs, but the IPs are free. You will now have 16 for the two servers. I also added another ( 5 ) VPNs at no extra charge. The updated proposal is attached and summarized below:

1.) One Fully Managed Hardware Firewall with ( 10 ) Managed VPNs / Intrusion Detection System with Log Monitoring and Log Management.
2.) Two servers with the following specs:

  • Dual Hex Core Xeon E5-2620V2 2.1 GHz w/ HT Processors
  • 24 Logical Cores per Server
  • 16 GB of RAM (expandable to 128 GB of RAM per server)
  • 2 X 240 GB SSD Cachecade Hard Drives
  • 4 X 4 TB SATA ES3 Enterprise Hard Drives – RAID 5, 6 or 10
  • LSI Hardware RAID Card
  • Hot Swappable Bays
  • Dual Power Supplies
  • IPMI (intelligent platform management interface).

3.) Fully Managed Daily Backup for all the Storage Space on the two servers
4.) 20 TB of Monthly Data Transfer, with a 1 Gbps Port
5.) Trend Micro Deep Security
6.) 16 Total Static IPs.

If you so desire, we can virtualize the servers by using Hyper-V. Windows Standard Edition allows ( 2 ) VMs per server. We will set up the VMs for you when we first deploy the servers if you wish to virtualize.

Also, our controller sent you an email this morning concerning your request for a HIPAA audit report. Please contact me if you have any questions concerning the email that he sent you or regarding this proposal.

Client: Thank you for the details. I will be discussing your proposal with my management shortly. I have a few questions first though:

  1. How many hard disks can be added to each server?
  2. What is the monthly charge for each additional TB of data transfer?

Consultant: Great. Here are the answers to your questions:

  1. You can add ( 2 ) more 4 TB hard drives to each server.
  2. The charge is $0.05 per month per GB for overages. You would have to exceed the 20TB of data transfer in a 30 day period in order to incur the overage charge.

Client: Hi – a few more questions:

  1. If the data storage exceeds the maximum capacity of all the 8 hard drives, can you add an additional external storage device? What would be the cost per TB?
  2. Can you provide a Vulnerability Scan report?

Thank you.

Consultant: Okay, in response to your questions:

  1. It is possible to add external storage, and the pricing is dependent on how much storage is required. We do not offer an On-Demand Storage solution, so I can only provide you with pricing based on the amount of total storage you wish to establish.
  2. That is part of the Intrusion Detection System that is included in the proposal we presented to you.

Client: Great, that is all the information I need. I appreciate your answering all my questions so promptly. Once I speak with my management, what’s the next step?

Consultant: You’re welcome. If you decide to move forward, please sign the BAA and send it back to us. Thank you for choosing Atlantic.Net. Let us know if you have any additional questions.

Key terms

Here are basic explanations for several of the key terms used in the above discussion:

Business Associate Agreement (BAA): A business associate agreement is a contract between two parties, as established to fulfill HIPAA compliance. A covered entity – a healthcare provider, plan, or clearinghouse – enters the agreement with a business associate – any outside organization that handles protected health information (PHI). The document essentially stipulates the responsibilities of each party, such as the exact nature with which the associate will interact with PHI.

Trend Micro Deep Security: Trend Micro Inc. is a security software company founded in Los Angeles, California with global headquarters in Tokyo, Japan, an R&D center in Taipei, Taiwan, and regional headquarters in Asia, Europe, and the Americas. The company develops security software for servers, cloud computing environments, consumers, and small, medium and enterprise businesses.

RAID: Short for redundant array of independent disks, RAID is a standardized technique for combining several HDDs (hard disk drives) or SSDs (solid state drives) into one logical volume so that the data survives the failure of a drive. Depending on the level, the redundancy comes from keeping a second copy of the data (mirroring, as in RAID 10) or from storing parity alongside it (RAID 5 and RAID 6). RAID protects against drive failure only, which is why the proposal above still includes a separate daily backup.
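To make the trade-off between the RAID levels named in the proposal concrete, here is an added example (not part of the original post) that computes usable capacity and guaranteed fault tolerance for RAID 5, 6 and 10. The drive counts and sizes are the ones quoted above: 4 x 4 TB per server, or 6 x 4 TB after the two extra drives the consultant says can be added.

```python
"""Usable capacity and fault tolerance for RAID 5, 6 and 10.

Added example, not code from the original post. The inputs (4 x 4 TB and
6 x 4 TB per server) are the configurations quoted in the proposal above.
"""

# Minimum number of drives each level needs to be built at all.
RAID_MIN_DISKS = {"RAID 5": 3, "RAID 6": 4, "RAID 10": 4}


def raid_layout(level: str, disks: int, tb_per_disk: float) -> dict:
    """Return usable capacity (TB) and the number of simultaneous drive
    failures the array is guaranteed to survive.

    RAID 10 mirrors every block onto a second drive, so half the raw space is
    usable. RAID 5 and RAID 6 keep one or two drives' worth of parity instead
    and rebuild a failed drive from the survivors rather than from a copy.
    """
    if level not in RAID_MIN_DISKS:
        raise ValueError(f"unsupported level: {level}")
    if disks < RAID_MIN_DISKS[level]:
        raise ValueError(f"{level} needs at least {RAID_MIN_DISKS[level]} disks")

    if level == "RAID 5":
        usable, tolerated = (disks - 1) * tb_per_disk, 1
    elif level == "RAID 6":
        usable, tolerated = (disks - 2) * tb_per_disk, 2
    else:  # RAID 10
        if disks % 2:
            raise ValueError("RAID 10 needs an even number of disks")
        # A RAID 10 array can sometimes survive more than one failure, but
        # losing both halves of a single mirror pair destroys it, so only one
        # failure is guaranteed. We report the guaranteed figure.
        usable, tolerated = (disks // 2) * tb_per_disk, 1

    return {
        "level": level,
        "disks": disks,
        "raw_tb": disks * tb_per_disk,
        "usable_tb": usable,
        "failures_tolerated": tolerated,
    }


def compare(disks: int, tb_per_disk: float = 4.0) -> list:
    """Lay out the same drive set at every supported level, for comparison."""
    return [raid_layout(level, disks, tb_per_disk) for level in RAID_MIN_DISKS]


if __name__ == "__main__":
    for n in (4, 6):  # 4 drives as quoted, or 6 after adding the two extra
        for row in compare(n):
            print(
                f"{row['level']:<8} {n} x 4 TB: {row['usable_tb']:.0f} TB usable "
                f"of {row['raw_tb']:.0f} TB raw, survives "
                f"{row['failures_tolerated']} drive failure(s)"
            )
```

For the quoted 4 x 4 TB set this gives 12 TB usable with RAID 5, 8 TB with RAID 6 and 8 TB with RAID 10; only RAID 6 is guaranteed to survive two drives failing before a rebuild completes, which matters with 4 TB drives whose rebuilds take many hours.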

SLA: Short for service level agreement, an SLA defines the parameters with which a web hosting provider or similar third-party supplier will service its clients – such as our 100% uptime Cloud Hosting commitment.

Offering IT solutions to healthcare organizations since 1994 – with specialized compliance strategies first developed in 2009 – Atlantic.Net is prepared to meet the needs of your organization. Please review our HIPAA Compliant Hosting Master Index for an organized menu of our various materials related to this subject.
