Atlantic.Net Blog

HIPAA Compliant Hosting for a Web Application – A Real World Scenario

by Sam Guiliano, Atlantic.Net, under HIPAA Compliant Hosting

Comic: comparison of PHI to phi (the golden ratio)

Medical organizations – including healthcare practitioners, health plans, and clearinghouses – are considered covered entities under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA was enacted to safeguard the security and privacy of patients' protected health information (PHI). Healthcare companies must comply with the law to avoid hefty fines, and they may choose to work with HIPAA compliant business associates, such as web hosting companies, to do so.

Just as with any aspect of business, not all IT infrastructure needs are the same. Medical companies require HIPAA compliant hosting solutions for a wide variety of scenarios: a storage environment, a real-time backup system, or a general website might be needed. A healthcare company might also want to run an application, with all PHI securely and redundantly protected.

We offer broad information about HIPAA on our site and have covered the topic regularly on our blog. We also occasionally report scenarios based on actual interactions between our hosting consultants and new customers in this “Real World Scenario” series. Today, we will discuss a client’s request for a HIPAA compliant web application environment.

HIPAA compliant application hosting

Client: We are looking for an appropriate, HIPAA-compliant hosting solution for a product that will involve providing a web application and web service interface for users to save and maintain [omitted for customer privacy] data. Do you have existing customers that have similar products?

Consultant: We provide HIPAA compliant hosting platforms for our customers based on individual specifications. We cannot provide you with specific information concerning what our customers are hosting because we have NDAs in place for all of our customers. Here is a case study on one customer, though.

Client: How are you prepared to demonstrate to us that you are following HIPAA Hosting compliance?

Consultant: We provide HIPAA compliant platforms, and our healthcare customers host their services on the platform. We have attached a document that describes the smallest environment we can provide on both Linux and Windows operating systems. The platform has all of the components that are required under the law.

Client: How long have you been following HIPAA compliance?

Consultant: We have been hosting compliant healthcare platforms for over 5 years and we have been in business for 21 years. We have also attached a copy of our Business Associate Agreement for your review. Please list any other specific requirements that you require. We are also available for a conference call if you wish to discuss your needs by phone.

Client: Thanks for your quick response. We want to run an ASP.NET web application and a WCF web service on the hosted web server, and we expect to connect to a hosted SQL Server instance – all of which necessitate a Windows platform.

Consultant: I have attached the formal proposal. It is based on a Windows Hosted Platform. You have a choice of using either Windows Standard 2008 R2 or Windows Standard 2012 R2 as the operating system. If you would like the pricing for MS SQL we will need to know what version you require. You also have the choice of using your own MS SQL license, if you own one.

Client: The difference between virtualized and non-virtualized is unclear to us for our solution – what advantage through your hosting is gained by using a non-virtualized platform as opposed to a virtualized one?

Consultant: The advantage of using a Virtualized system is that we can create two Virtual Machines on one server. One would be the Web Server and the other one would be the SQL server. This would save you money, because you then do not have to deploy individual hardware for each application. Because you are using MS SQL, the one server will need to be a high performance platform, or you will not be able to operate properly. This means that we will need to maximize the amount of RAM at 32 GB, provide four hard drives in a RAID 10 configuration with a High Performance LSI 9260 RAID Card.

Client: Our total storage should initially require 200 Gigabytes at most (not including any backups).

Consultant: In order to create the Web and SQL Virtual Machines on the same server, we will need to use a RAID 10 configuration for the hard drives. This means that we will need to use (4) 500 GB hard drives, so you will have 1 TB of storage space available to you – the smallest amount of storage capacity that we will be able to provide with this configuration. The Fully Managed Daily Backup that we provide is not conducted on your server. We complete and store the backups on an external storage device and offer redundant backup on our SSD Cloud Server platforms.

As a trusted HIPAA Compliant Web Hosting provider that serves medical companies including Complete Healthcare Solutions, we have similar conversations every day. If you need to discuss any HIPAA compliant IT needs, our hosting consultants are available 24/7 to answer your questions. Fully customized solutions are available.

Comic words by Kent Roberts & art by Leena Cruz.
