Atlantic.Net Blog

HIPAA Compliant Dedicated Server – A Real World Scenario

Sam Guiliano
by Atlantic.Net (86 posts) under HIPAA Compliant Hosting

In our Real World Scenario (RWS) series, we review interactions between our consultants and clients considering various hosting options. One of our specialized points of focus is healthcare IT, so our RWS articles have covered numerous situations in which medical organizations – practices, plans, or data clearinghouses – are seeking solutions that meet their needs.

Specifically, these companies need hosting environments that are in full compliance with the Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA. The vast majority of our information related to this topic is organized through a recently published (April 2014) HIPAA Server Master Index.

This Real World Scenario installment is in two parts/pages, outlining a client’s interest in a dedicated server infrastructure. A transcript based on the conversation between the client and our consultant appears below. Following the transcript (in the second page of the article), we will assess a few of the key terms used by the two parties.

In need of a HIPAA dedicated solution

Client: We are looking for dedicated servers for a HIPAA compliant service. Following are our specifications:

  • Server: Dual Processor Quad Core Xeon 5520 – 2.26 GHz (Nehalem) – 2 x 8 MB cache w/HT
  • Operating System: Windows Server 2012 R2 Standard Edition (64 bit)
  • RAM: 12 GB DDR3 Registered 1333
  • Disk Controller: RAID
  • First Hard Drive: 150 GB SATA Raptor 10k
  • Second Hard Drive: 150 GB SATA Raptor 10k
  • (4) Hard Drives: 4.00 TB SATA III
  • Public Bandwidth: 20000 GB Bandwidth
  • Uplink Port Speeds: 100 Mbps Public & Private Networks
  • Remote Management: Reboot / KVM over IP
  • Primary IP Addresses: 1 IP Address
  • Public Secondary IP Addresses: 8 Public IP Addresses
  • Power Supply: Redundant Power Supplies
  • Anti-Virus & Spyware Protection
  • 100 Mbps Hardware Firewall.

Please send your quote ASAP. Thank you.

Consultant: Thank you for contacting Atlantic.Net concerning your hosting requirements. Attached you will find the official pricing proposal based on the specifications you have provided. We no longer use Dual Quad Core Xeon Processors because the Dual E5 Processors are of equal price and significantly more robust. We also no longer provide Raptor Hard Drives, so we have included (2) Cachecade 240 GB SSD drives.

We have also included the supporting documents that will detail the following services for this HIPAA compliant platform:

These are the highlights of our proposal:

  1. Fully Managed Hardware Firewall with Intrusion Detection and Log Management / Monitoring. Also (5) encrypted, managed VPNs
  2. Fully Managed Daily Backup for all files and databases
  3. Dual E5 Hex Core Xeon Processors w/ HT / 16 GB of RAM / 2 X 240 GB SSD Cachecade / 4 X 4 TB ES3 Enterprise SATA RAIDed
  4. 20 TB of Monthly data transfer with a 1 Gbps Port
  5. 24 X 7 X 365 Technical Support by phone or email
  6. 100% Uptime SLA
  7. Business Associate Agreement (BAA)
  8. This Private HIPAA hosting platform will be located in an SSAE 16 audited data center
  9. Trend Micro Deep Security

If you would like to set up a call to go over our proposal, please send me the number to contact you; or send us any questions you may have concerning the proposal.

Client: Good afternoon. Thank you for sending us the pricing proposal. We have received the documents. Could you also send us copies of your audit reports for HIPAA and SSAE 16?

Consultant: Attached is a copy of our SSAE 16 report. I have asked our legal department to provide feedback concerning your question about the HIPAA audit report. I will send you their response as soon as I have it.

Client: I have received the SSAE 16 report, but it is for the period of July 1, 2012, to June 30, 2013. I just wanted to check if you have an updated one. Thank you very much.

Consultant: The SSAE 16 audits are completed in arrears. The next one will be completed by June 30 of this year. If a customer requires a certification that the data center is still in compliance while the new audit is being completed, we then issue a Bridge Letter. Bridge Letters can only be issued to existing customers.

[Client calls Consultant, and they further discuss options.]

Consultant: It was nice talking with you. I have updated the proposal based on our conversation. I added a second server, and I separated the cost of the bandwidth, demarcating it as its own line item.

[Continued on second page.]

Atlantic.Net has been in business for 20 years and has been offering fully customizable healthcare compliance solutions for half a decade. See our HIPAA Compliant Hosting options to learn more about this topic and how we can be of assistance.
