Atlantic.Net Blog

HIPAA Web/Database Hosting Solution – A Real World Scenario

Kent Roberts
by Atlantic.Net (77 posts) under HIPAA Compliant Hosting


Healthcare companies must be in full compliance with federal regulations in order to avoid fines. The Health Insurance Portability and Accountability Act (HIPAA) contains provisions governing the handling of protected health information (PHI) by health plans, clearinghouses, and healthcare providers. Title II of the act includes a Privacy Rule and a Security Rule, which are of special concern to covered entities when they work with business associates, such as web hosting companies, on their IT architectures.

Along with the general information we provide elsewhere on our site about the act, we have previously reviewed requests for compliant healthcare database hosting solutions in our Real World Scenario series. This series shares common situations experienced by our customers: we present dialogues based on actual interactions between our hosting consultants and clients. The installment below explores an additional HIPAA request, to give a further sense of what it takes to arrive at a fully compliant system.


HIPAA hosting solution Q & A

Client: Hello, I need to obtain a price quote on a web/database platform that will be HIPAA Compliant and support the following resources:

Web Server

  • Windows 2008 R2
  • 1 CPU
  • 4GB RAM
  • Drive 1 – minimum 60GB HD
  • Drive 2 – minimum 100GB HD
  • SSL Certificate.

Database Server

  • Windows 2008 R2
  • 1 CPU
  • 4GB RAM
  • Drive 1 – minimum 60GB HD
  • Drive 2 – minimum 100GB HD
  • SQL Server 2008 R2.

Disaster Recovery

  • Web/Database Server
  • Windows 2008 R2
  • 1 CPU
  • 4GB RAM
  • Drive 1 – minimum 60GB HD
  • Drive 2 – minimum 100GB HD
  • SSL Certificate
  • SQL Server 2008 R2.

Consultant: Thank you for contacting Atlantic.Net. The only questions we have are as follows:

  1. Will you be providing the SQL license?
  2. Will you be providing the SSL certificate?

Client: Yes, we have a license for the SQL Server. We do not have an active SSL certificate, though. Please include one in the plan you are recommending.

Consultant: Attached, you will find our formal proposal. Note that the SQL license is not included, but an SSL certificate is. We have also attached a document detailing our hardware firewall and intrusion detection system (IDS), along with a copy of our business associate agreement (BAA) for your review. Here are the highlights of our proposal:

  1. Windows Enterprise 2008 R2 Operating System – which will allow for the creation of up to (4) virtual machines, one more than you require
  2. Dual Core i3-3220 processor with Hyperthreading (which will provide you with 4 virtual cores to work with for the VMs) / 32 GB of RAM / 1 TB of RAIDed Storage Space
  3. Fully Managed Hardware Firewall w/ 5 encrypted VPNs
  4. Intrusion Detection System with Log Management
  5. Fully Managed Daily Backup – files / database / VM snapshots
  6. 3220 3.3 GHz Dual Core w/HT, 32 GB of RAM – 2 x 1 TB
  7. SATA 3 Black RAID 1
  8. LSI 9240 RAID Card 1
  9. 10 TB of Monthly Data Transfer
  10. 100 Mbps Port Multi-Homed Bandwidth
  11. SSL Certificate
  12. 16 IPs
  13. Private Hosting Platform
  14. Mail
  15. 24 x 7 x 365 Live Technical Support by Phone or Email
  16. 100% uptime SLA on all of the services we are providing
  17. Business Associate Agreement (BAA) for HIPAA compliance (based on the inclusion of all the hosting components we have listed)
  18. 12- and 24-month term pricing.

Please let us know if anything needs clarifying or if you have any further questions.

Client: I’ve noticed that you have SSAE 16 (SOC 1) Type II certification listed as one of your HIPAA attributes. How is that relevant to healthcare computing?

Consultant: That certification is from the Statements on Standards for Attestation Engagements (SSAE), the protocols and parameters of which are designed and revised by the American Institute of Certified Public Accountants (AICPA). It’s a set of auditing guidelines that verifies the integrity of our infrastructure and the mechanisms in place to avoid breach and/or corruption. It generally validates our security.

Client: Okay, I’m also just curious what type of SSL certificate you will purchase and install on our behalf.

Consultant: We use GeoTrust. A 2010 Netcraft survey revealed that SSL certificates provided by GeoTrust are used more than any other brand among the Alexa 1 million (the 1 million sites that receive the most unique visits annually). GeoTrust QuickSSL Premium certificates are also backed by a $500,000 USD warranty.

Client: Thank you for the assistance. I have submitted the BAA to our lawyer and will reach out to you as I know more.

Affordable solutions for healthcare IT

Healthcare organizations that need a HIPAA-compliant database require specialized care from their hosting service. In business for two decades and serving medical organizations with their regulatory concerns for five years, Atlantic.Net has the experience to meet your needs with an SSD Cloud Server so that your patients' PHI remains secure and private at all times.

By Kent Roberts; comic words by Kent Roberts & art by Leena Cruz.
