Atlantic.Net Blog

HIPAA Compliant Hosting for a Web Application – A Real World Scenario (Continued)

Sam Guiliano
by Atlantic.Net (86 posts) under HIPAA Compliant Hosting

Comic: comparison of PHI to phi (the golden ratio)


This interaction between a hosting consultant and a client, the second half of a two-part installment of our “Real World Scenario” series, continues from the previous post. The client is getting answers to questions regarding a HIPAA compliant web hosted application environment.

Client: Our maximum number of users initially will not exceed 200 – we expect there to be very few users at the outset.

Consultant: This system will be able to handle 200 users with no problem and most likely twice that amount, depending on how much total Storage Space you will require in the future. It is simple to add more Storage Space when you need it.

Client: Per our limited understanding of HIPAA, we expect that separate servers for the data (SQL) and the web server will be necessary (but correct us if that is not the case).

Consultant: You will have separate servers, but they will be set up as Virtual Machines on one physical server.

Client: We also understand that an SSL certificate is required on the web server for the web service and web application to encrypt data at the transport layer.

Consultant: That’s correct. We have included pricing for the SSL certificate. The certificate is $150.00. $125.00 of it is the annual fee for the certificate, and $25.00 is a setup fee. We use GeoTrust to provide the SSL certificate, but if you want to use someone else and can find better pricing, you are welcome to provide your own SSL. Either way, we will install the SSL certificate for you.

Client: Do we need to use Transparent Data Encryption on the database? Or do you believe that the server on which our SQL Server database resides will already be sufficiently protected with regard to HIPAA?

Consultant: We are unable to answer this question, because we are unaware of what security protocols your company has in place for their applications, databases, and systems. The majority of our clients do not use TDE on their DBs.

Client: What kind of connections/transactions should we track for the purposes of HIPAA? How much tracking can be done through the host’s provided system, and how much should be done through our own application code?

Consultant: We provide logs that are necessary for the devices within our HIPAA compliant systems. However, we are unable to answer the question completely, because we do not have complete knowledge of your specific application. Please supply us with more information on your systems, and we will provide specific information that fits your needs.

These are the highlights of our proposal, and what we have proposed is the least expensive solution we can provide that will meet your requirements. HIPAA requires all of the below components in order to host in a HIPAA compliant environment:

  1. Fully Managed Hardware Firewall with Intrusion Detection and Log Management / Log Monitoring. Also (5) encrypted managed VPNs
  2. Fully Managed Daily Backup for all files and databases
  3. Private Server Hardware with 32 GB of RAM and 1 TB of Storage, configured in a mirrored RAID 10 configuration
  4. 10 TB of Monthly data transfer with a 100 Mbps Port
  5. 24 X 7 X 365 Technical Support by Phone or email
  6. 100% Uptime SLA (Service Level Agreement)
  7. Business Associate Agreement
  8. This Private HIPAA hosting platform will be in an SSAE 16 SOC II audited data center
  9. SSL certificate
  10. Kaspersky Anti-Virus.

I have also attached the document that details our Fully Managed Hardware Firewall, Intrusion Detection System, and Fully Managed Daily Backup.

Client: How can you guarantee 100% uptime? Aren’t there situations in which the system will inevitably go down?

Consultant: Our 100% uptime SLA expresses two commitments:

  • Belief in our environments: We believe so strongly in our core infrastructure and the solutions we design for our clients – the levels of redundancy in our networks – that we know downtime will be an extremely rare occurrence.
  • Belief that any downtime is unacceptable: For any of our dedicated hosting solutions, if it takes us more than a short window of time to resolve any issue once a trouble ticket is opened, we will start refunding your monthly fee. Full details are available in our SLA.

Client: Thank you for answering all my questions. I will have the Business Associate Agreement to you later today. Take care.

Consultant: Thank you for using Atlantic.Net for your hosting needs. Please let us know if you have any further questions.


If you are looking for a HIPAA Compliant Hosting solution, Atlantic.Net has the expertise and conscientiousness to guide you through the process. We have 5 years of experience with healthcare compliance and a business track-record spanning two decades. Our solutions are characterized by peace-of-mind, based on our extensive knowledge of IT hosting, HIPAA cloud server solutions and 24/7 live support.

Comic words by Kent Roberts & art by Leena Cruz.
