SSAE 18 SOC 1 SOC 2 (formerly SSAE 16) Certified and HIPAA, HITECH Audited
If your WordPress website interacts with anyone’s electronic protected health information (ePHI), ensuring that your WordPress website is HIPAA-compliant will be critical to your long-term success. By choosing to host your website on Atlantic.Net’s servers, you can rest assured that your data and interactions between devices are shielded by a tough security layer. Furthermore, our installation process is fast and easy, and the entire infrastructure is HIPAA-compliant.
To help you meet and even exceed the parameters of the HIPAA Security Rule for your WordPress site, Atlantic.Net guarantees you the following protections:Fully managed firewall
Our full spectrum firewall guards your network’s periphery against malicious intruders from implementation to a round-the-clock log monitoring. In addition, Atlantic.Net will maintain close oversight of your network gateway points, a robust security response in the event of a breach, and regularly scheduled device health checks.Intrusion detection system
Different from a firewall, IDS monitor network traffic for abnormal activity, such as late-night logins or access to files by unauthorized agents. This security layer compliments the firewall by scanning for attacks that come from within the network. Our IDS meet certification requirements and is in compliance with the American Institute of CPA’s SOC 1, SOC 2, or SOC 3 (SSAE 18).Encrypted VPN
This service protects your data transmission by sending it via an encrypted VPN tunnel. Additional services include SSL web certificates to validate ownership for sites that house access points to sensitive data and client connections.Encrypted backup
Our encrypted backup service takes your HIPAA compliance to the next level, automatically encrypting your data before it is written to a disk using Advanced Encryption Standard 256-bit. Here, each encryption key used to conceal data is encrypted with master keys. AES-256 is the only publicly accessible encryption cipher that’s been approved by the National Security Agency (NSA) to protect top secret information.Log management system
Critical to meeting HIPAA compliance requirements, our log management service oversees the full administration of transmission, analysis, storage, archiving and disposal of your log data.
WordPress Installation in Seconds
Using Atlantic.Net’s One-Click Install, you can install your WordPress website in seconds. All you have to do is choose name, size and location of your server, select the WordPress application, and you’re done! Once your installation is complete, you’ll receive a link to begin setting up your website.
The WordPress application is housed on a LAMP stack using Ubuntu 14.04 LTS. As an option, you can add your SSH key and select backups.
Making sure your WordPress instance is hosted on an secure and stable infrastructure is the first step to ensuring that your WordPress website is HIPAA-compliant. Here are other steps you should take:Risk Analysis
Risk Analysis is still a requirement of the HIPAA Security Rule, so by gathering the necessary knowledge, you are attending to this critical compliance step and taking proactive steps to minimize liability.
To assess the current risks that may be present to your system, you should first clarify the purpose of your WordPress site. Will it be publicly accessible, or was it created for internal purposes? Will you be processing, storing, or transferring any type of ePHI? What security controls and policies are in place to safeguard your data? And finally, what does the threat landscape look like and what are the potential impacts of those threats on your organization?Tools and Plugins
To round off the security process, make your WordPress site meet the following five key control requirements:Access control
WordPress offers a combination of security configurations to help you prevent unauthorized parties from accessing your data. You can modify user roles, or use a plugin module to disable access to certain users.Audit controls
Audit controls allow you to deploy equipment, programs and processes to monitor access points and behavior within IT portals that contain highly sensitive ePHI.Integrity controls
To make sure that the integrity of your data is maintained at all times, install a tool that verifies and reports that no alteration or destruction of data is taking place.Person or entity authentication
Include an authentication method to verify the identity of the person or entity that is accessing your data. At the minimum, confirm that the privileges are valid and transmission devices sound.Transmission security
Add a layer of transmission security to protect against the possible compromise of the electronic protected health information flowing through the system.
Dedicated to Your Success
– Jason Coleman
VP of Information Technology, Orlando Magic
"After evaluating a range of managed hosting options to support our data operations, we chose Atlantic.Net because of their superior infrastructure and extensive technical knowledge."
- Erin Chapple
General Manager for Windows Server, Microsoft Corp.
"Atlantic.Net’s support for Windows Server Containers in their cloud platform brings additional choice and options for our joint customers in search of flexible and innovative cloud services."
Contact an advisor at 888-618-DATA (3282) or fill out the form below.
© 2018 Atlantic.Net, All Rights Reserved.