
Suggest HIPAA Compliant Hosting ?

any suggestions

8 replies to this topic

#1 Raffye.Memon

Raffye.Memon

    KaRaCh|K|nG555

  • Joined: 16-September 05
  • Location: .::PakIsTan::.

Posted 01 September 2014 - 10:38

Hello, 

As topic says, I am looking for a good, reliable HIPAA compliant hosting. Can anyone suggest a good hosting, VPS hosting?


Thanks !






#2 Barney T.

Barney T.

    Debian Linux: I'm Loving It!

  • Tech Issues Solved: 3
  • Joined: 30-August 03
  • Location: Williamsburg, Virginia

Posted 01 September 2014 - 10:49

HIPAA compliance is very difficult in a cloud environment outside of the medical institution. Special companies such as Cerner host electronic medical record management of their database on off-site servers. Using secure commercial sites (I believe that Amazon hosts some) must be approved and should be thoroughly investigated prior to using them. Many hospitals store patient information on their own network where they can provide security behind their own firewalls. Violation of HIPAA laws results in huge fines, as I am sure that you know. 



#3 OP Raffye.Memon

Raffye.Memon

    KaRaCh|K|nG555

  • Joined: 16-September 05
  • Location: .::PakIsTan::.

Posted 01 September 2014 - 12:16

Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in the cloud?

But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant? Doesn't that mean they have already been investigated by the concerned authorities, which granted them permission to display the HIPAA logo on their site etc.?


Regards



#4 DaveLegg

DaveLegg

    Coderator at heart

  • Tech Issues Solved: 19
  • Joined: 31-October 04
  • Location: Oxford, UK

Posted 01 September 2014 - 12:21   Best Answer

Softlayer are HIPAA compliant. They're a great company anyway, and do a lot of government contracts, definitely worth a look. Their compliance page is here: http://www.softlayer.com/compliance



#5 Barney T.

Barney T.

    Debian Linux: I'm Loving It!

  • Tech Issues Solved: 3
  • Joined: 30-August 03
  • Location: Williamsburg, Virginia

Posted 02 September 2014 - 15:45

> Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in the cloud?
>
> But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant? Doesn't that mean they have already been investigated by the concerned authorities, which granted them permission to display the HIPAA logo on their site etc.?
>
> Regards

I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.



#6 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 31
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 02 September 2014 - 15:57

> I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

I work at a pharma, and as far as I know, the FDA frowns upon anything that is in the public cloud. Everything on there, if it is FDA regulated, needs to be tested and verified... One of the things is to be able to guarantee 100 percent accountability of your data, that it is intact and cannot be tampered with by anyone other than the business who owns the data. There cannot be any manipulation, even the manipulation of where it is (colo failover is very hard to test/verify location).

Here is the way we look at it:

http://www.csc.com/l...of_an_fda_audit

HIPAA should be looked at the same way, IMO, as a breach can cause harm to the general public.


Edited by sc302, 02 September 2014 - 19:23. Reason: edited to clarify public cloud vs private cloud. Private cloud is ok, public cloud is not.


#7 Barney T.

Barney T.

    Debian Linux: I'm Loving It!

  • Tech Issues Solved: 3
  • Joined: 30-August 03
  • Location: Williamsburg, Virginia

Posted 03 September 2014 - 00:08

^ I agree with this. Thanks for adding it, sc302.

 

Oh, btw, I have been a Registered Nurse for over 20 years and have had my share of TJC inspections. LOL!



#8 spenser.d

spenser.d

    Neowinian Senior

  • Joined: 19-December 03

Posted 03 September 2014 - 03:27

> I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

I wouldn't chance it when it comes to HIPAA personally. Storing that data in the cloud is just asking for trouble. I'm sure there are solutions for it if it's a must, but it's probably more trouble than it's worth.

#9 Anibal P

Anibal P

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 11-June 02
  • Location: Waterbury CT
  • OS: Win 8.1
  • Phone: Android

Posted 13 September 2014 - 14:27

I work for a rather large medical insurance company. We do not really use any cloud services; those that absolutely need to have access to, say, Drive or Dropbox have to put in special exception requests. All B2B and B2S communication is done using encrypted FTP, and even that is extremely limited and locked down on a need basis.

They are rolling out a cloud service, but from what I've seen of it, it's not for anything HIPAA related at the moment, but that might change, and it's a homegrown product. We have to factor in State and Federal HIPAA requirements for PHI/PII/IP, so I don't see that being used like that in a while.