HIPAA hipster comic

Healthcare companies must remain “HIPAA compliant” at all times. In other words, they must consistently meet the guidelines of the Health Insurance Portability and Accountability Act of 1996.

The law, especially the Privacy Rule and Security Rule that are contained within Title II of the Act, have created an incredible challenge for medical organizations. Healthcare providers, plans, and clearinghouses – called covered entities under the law – must contract with any business associates that handled their patients’ protected health information (PHI). Essentially, compliance must be maintained via these outside parties as well.

The following installment in our Real World Scenario series covers an interaction between our consultants and a potential client regarding healthcare IT Colocation. Following the transcript of that discussion, we will review several key terms used by one of the two parties.

HIPAA-Compliant Colocation Strategy

Consultant: Tell us about your hosting needs.

Client: I am considering moving 1500 square feet of healthcare computing systems to a colocation facility.  I’ll need HIPAA compliance and 30 kVA of power. Is this something you can help me with? If so, here is my phone number: [omitted]. Please call me soon.

[Consultant calls client, and the email exchange resumes.]

Consultant: Thank you for taking my call. I have two additional questions:

  • Do you require 120 Volt or 208 Volt Power (or a combination of both)?
  • If you require 208 Volt Power, do you require Single Phase or Three Phase Power?

Client: Mostly 208V Single phase. Let’s say 20% 120V Single phase.

Consultant: We will have the pricing over to you today. Thank you.

Client: Okay, thanks for your quick attention.

Consultant: We have attached the formal hosting proposal based on the requirements you provided to us. The basic parameters are highlighted at the end of this message.

We were able to give you monthly pricing for the cage space along with the power. Note that the power pricing is based on providing both A & B sides power. Additionally, we have included the install charge for the power, but the install charge for the cage material is an item we do not yet have priced.

We have also attached a copy of our Business Associate Agreement (BAA) for your review. Alternately, we are willing to sign a Business Associate Agreement from your side after our legal department reviews it if that’s preferable to you.

We understand that at this point, you are looking for a budgetary number. We are willing to work with your organization – in any way that makes financial sense – to accommodate any changes you may require to the pricing model we have provided. Please contact me at any point with whatever questions you may have.

Finally, I have attached a document that will provide you with information on the other hosting services we provide.

HIPAA Compliant Colocation Data Center Parameters:

  • Term: 36-month term
  • Cage Space in Square Feet: 1500
  • Electrical Supply: 30 kVA of Power, applicable each to Sides A & B.

Key terms used above


Short for kilovolt-ampere, a kVa is a unit that measures the seeming power conducted through an electrical circuit. It is equivalent to 1000 volt-amperes. A volt-ampere is understood to be the product of RMS (root-mean-square) current and RMS voltage. These units are only used when describing alternating current (AC) circuits.

Single-phase power

This type of power is exhibited by the alternating current transmitted through a residential electrical outlet. Direct current (DC) is a straight movement of electrons from the circuit’s positive to its negative node. Single-phase power allows electrons to move in either direction as the charge fluctuates – which occurs when power is supplied to any electrical item. Alternating current is used in homes because it is simple and enhances efficiency. Utility companies produce alternating current automatically. Essentially, you would have to change the circuit to allow for direct current, which would require tools and result in the underutilization of your energy supply.

Three-phase power

This is a way to transmit electricity that utilizes three wires, each with its own alternating current.  Each wire’s current only operates during one-third of the cycle. The stability of the power supply is enhanced – versus a system built on a single-phase model – using this technique.

HIPAA guidance – DIY or with 24/7 support

Your HIPAA Compliant Colocation Hosting Plan

We’ve served thousands of colocation clients over the past three decades, and we know exactly what our clients need. We’re confident that if you host with us, your data will be safe – and, more importantly, that it’ll be accessible exactly when and where you need it. That’s a promise.

Thanks to our fully redundant infrastructure and high-quality on-site security, colocation has never given better peace of mind. Colocation clients enjoy an industry-leading service-level agreement that promises 100% uptime – hosting with us means neither your network nor your infrastructure will ever make your data inaccessible. Factor in our superior on-site security, and it’s clear why we’re the logical choice for colocation if you’re in the healthcare industry.

We offer fully-secured, custom-sized cabinets and colocation cage space to be scaled up or down according to your needs.

According to The Health Insurance Portability and Accountability Act (HIPAA), two different types of organizations must ensure compliance: covered entities and business associates. Atlantic.Net falls into the latter category, a third-party entity contracted to handle protected health information(PHI).

To both comply with the law and assure our clients that we’re committed to keeping their information safe, we’ve drafted up a HIPAA Business Associate Agreement. This HIPAA-Compliant document is critical to our relationship with healthcare firms and medical practitioners alike, as it firmly establishes parameters for our use of PHI. The following three components are central to this contract:

  • Business associate’s role – the exact nature of the third party’s interaction with the healthcare data, including any forms of use and disclosure.
  • Limitations – the prohibition of the third party from any forms of use or disclosure not stated in the agreement.
  • Security requirements – the necessity for extensive security technologies and protocols to guard against any unauthorized use or disclosure.

In conjunction with our SOC 2 and SOC 3 certified data centers, our BAA shows that we’re committed to keeping the private healthcare information of our clients both safe and secure. Moreover, it shows that we’re willing to go beyond the minimum compliance standards established in HIPAA. Healthcare businesses who choose us as a host have the peace of mind that can only come from knowing that they’ve partnered with a veteran – and one that’s completely committed to their best interests, at that.

Get started with HIPAA Compliant Hosting from Atlantic.Net!