The following article is part of Atlantic.Net’s “Real World Scenario” series, which outlines common concerns expressed by customers via true-life (anonymous and edited) interactions between our hosting consultants and clients.
This report, like many in this series, is related to HIPAA compliance, a critical concern with healthcare industry technology. Today we cover a customer support interaction in which a web developer is seeking assistance with a HIPAA Compliant Hosting solution for a server, strong enough to support secure and reliable streaming of video and audio.
HIPAA Compliant Streaming Video
I am a web developer with a very small company (only 3 people) asked to create a web-based database application. The client is a financial services company that works with medical associations.
Hundreds of doctors would need to log into the system at any one time from their individual locations. I am uncertain how many data records they would each create, and perhaps 30-50 each is a reasonable guess.
However, the system has the potential to grow dramatically, so any hosting package would need to provide plenty of room to grow: perhaps 10-30K data of records to start. We presume we would use MySQL to create the database.
We need to get a HIPAA server set up, but we need a 1000 Mbps Port. Could you tell me how fast we can have this deployed and what our commitment will be? Do we need a contract? Could we do this month-to-month? We need a server that can support video and voice streaming.
My colleagues and I are concerned about HIPAA requirements. We are interested in finding a web host that would provide a BAA and another backup, encryption, and other requirements needed to comply with HIPAA. We have no experience creating this kind of application and need help.
Attached you will find the formal pricing for the smallest HIPAA platform we can provide. Without knowing what your actual data storage requirements are, we are only guessing if it will work. There is room to grow in the environment by adding more resources to the primary dedicated server as far as RAM and Storage Space. This proposal will at least provide you with pricing for the entry-level HIPAA platform.
There are 2 different pricing options, 12 months and 24 months. The following supporting documents are also attached: Fully Managed HardwareFirewall, Encrypted VPNs, Intrusion Detection System, Fully Managed Daily Backup and the Business Associate Agreement.
These are the highlights of the proposal:
- Linux Centos 6.X 64 Bit Operating System
- Dual-Core Processor / 4 GB of RAM / 160 GB of RAIDed Storage
- Fully Managed Hardware Firewall
- ( 5 ) Managed Encrypted VPN’s
- Intrusion Detection System with Log Management / Log Monitoring
- Fully Managed Hardware Firewall
- cPanel w/WHM control panel for web hosting
- 24 X 7 X 365 Live Technical Support / Phone / Email
- 100 % SLA
- 10 TB of Monthly Data Transfer with a 1 Gbps Port.
Please especially note the inclusion of the 1 Gbps Port (#10 above), as you requested. Our pricing is based on either a 12- or 24-month agreement, but we can provide a Month-to-Month agreement (although that option incurs a small setup fee).
To provide you with pricing, we need the following questions answered. Those answers will also help us establish the time required to set up the hosting platform.
- What Operating System do you require?
- How much total storage space do you require?
- Are there any special software packages that you require?
- Linux Centos/Ubuntu
- It will be video hosting but can be stored in an external location. So 1TB.
- We have to configure a streaming media server on top of the system.
Please let us know the setup fee for a month-to-month or any other fees for 12-month or 24-month contracts.
Here are the answers to your questions, and attached is the updated proposal.
- I included Centos as the OS, but we can also use Ubuntu if you want it.
- I increased the storage space to 1 TB, but it can only be internal to the server.
- You will have to install the software yourself for the streaming media.
I increased the amount of RAM to 8 GB because of your requirement for streaming media. We will be in touch soon regarding a timeframe for deployment.
HIPAA compliant IT business associate
When choosing a HIPAA-compliant web hosting service for your sensitive healthcare data (specifically your protected health information, aka PHI), you deserve an affordable partner with experience and expertise. Atlantic.Net has been in business since 1994, and we have continually increased our focus on HIPAA compliant hosting throughout the last five years. Best of all, our Florida-based data center (which we own and operate) is independently audited using a standard established by the American Institute of CPAs and offers VPS Hosting.
By Kent Roberts