HIPAA Hosting for SQL DB

by Adnan Raja, under HIPAA Compliant Hosting

This article looks at recent high-profile HIPAA violations and a discussion about a hosting solution for a Windows SQL database:

  • Major Violations in Hollywood & the New Year
  • Real-World Scenario – HIPAA Consultation
  • How AssistRX Meets its Compliance Needs

Major Violations in Hollywood & the New Year

HIPAA was recently in the news when it was discovered that some of the data compromised by the Guardians of Peace hackers who infiltrated Sony Pictures was protected health information (PHI). Becker’s Health IT & CIO Review noted that the PHI that was accessed “[included] claim appeals submitted to Sony such as diagnosis and disability codes, health plan member IDs, and any health or medical information provided outside of Sony’s health plans.”

Sony is not the only organization coming under scrutiny by the HHS OCR at the beginning of 2015. Elizabeth Snell of Health IT Security mentioned two major revelations in January alone:

  • BlueCross BlueShield of Tennessee used the contact information of 80,000 TRH Health Plan subscribers for unauthorized marketing.
  • Safeway Inc. had to pay a $9.87 million civil fine for improper dumping, both of consumer information such as healthcare records and of hazardous waste. The court found that more than 500 Safeway stores had disregarded lawful disposal.

Real-World Scenario – HIPAA Consultation

Consultant:

Tell us about your hosting needs.

Client:

We are investigating HIPAA compliant hosting solutions. The solution needs to be a Windows-based Application Server, SQL Server and Web Server. I see a starter option for $ xxx per month that looks like what we need for an application server. Does this include SQL Server and the Web Server? If not, what are the additions for this?

Consultant:

Thank you for contacting Atlantic.Net. The $ xxx package does not include MS SQL, and it also does not have enough RAM to create the ( 2 ) virtual machines we would need to create inside the dedicated server in order to provide you with SQL and web servers. By using the one dedicated server and virtualizing it, we would maintain HIPAA compliance at the lowest possible cost. We use Hyper-V to virtualize the dedicated server, and the Windows Standard Edition license allows for the creation of ( 2 ) VMs on a dedicated server.

There is one other thing to consider when using MS SQL, and it is how fast you need the I/O to be on the hard drives. If you need very fast I/O for the database work, then we would have to add ( 2 ) more hard drives and create a RAID 10 configuration. We would also have to add a high-performance RAID card to the dedicated server. If you do not require fast I/O for the database work, then you can go with the ( 2 ) hard drives and the hardware RAID card we include automatically.

This is the pricing if you DO NOT require the Fast I/O:

  1. MS SQL Standard 2008 R2 or MS SQL 2012 – $ xxx per month
  2. Add an extra 16 GB of RAM to the server – $ xxx per month

This would increase the total monthly pricing to $ xxx per month on a 12-month agreement with no setup fee.

This is the pricing if you DO require the fast I/O:

  1. MS SQL Standard 2008 R2 or MS SQL 2012 – $ xxx per month
  2. Add an extra 16 GB of RAM to the server – $ xxx per month
  3. Two extra 500 GB hard drives – $ xxx per month
  4. Upgrade to High-Performance RAID Card – $ xxx per month

This would increase the total monthly pricing to $ xxx per month on a 12-month agreement with no setup fee.

You do have the option of providing your own MS SQL license. If you do, it would remove the monthly charge of $ xxx per month for the license. Microsoft does not allow us to sell their licenses under our SPLA agreement; we can only lease them to customers for a monthly charge.

Client:

Thanks for the response. One other question: Do you provide SSL Certificates, or would this be something we would obtain and install?

Consultant:

You can purchase the SSL certificate yourself and transfer it, or you can purchase it from us through our engineering department. I have attached the document that details the different SSL certificates we offer. If you purchase the SSL certificate through us, then we install it for you.

How AssistRX Meets its Compliance Needs

The above interaction is just one real-world example. We help healthcare organizations with their HIPAA compliance needs every day.

One of our newest HIPAA partners is AssistRx. The company’s chief brand & business development officer, Edward Hensley, commented, “We see the unmatched potential and capabilities present in Atlantic.Net’s private hosting platform to build upon our latest innovations and services in a secure and efficient way.”

Besides offering a HIPAA Server, we offer a 100 percent uptime VPS Cloud Hosting solution that can be up and running in 30 seconds or less.

By Kent Roberts
