Suggest HIPAA Compliant Hosting?


Hello, 

As the topic says, I am looking for good, reliable HIPAA compliant hosting. Can anyone suggest a good hosting or VPS hosting provider?

Thanks!


HIPAA compliance is very difficult in a cloud environment outside of the medical institution. Special companies such as Cerner host electronic medical record management of their database on off-site servers. Using secure commercial sites (I believe that Amazon hosts some) must be approved and should be thoroughly investigated prior to using them. Many hospitals store patient information on their own network where they can provide security behind their own firewalls. Violation of HIPAA laws results in huge fines, as I am sure that you know. 


Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in the cloud?

But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant? Doesn't that mean they have already been investigated by the concerned authorities, which granted them permission to display the HIPAA logo on their site etc.?

Regards


I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.


I work at a pharma, and as far as I know, the FDA frowns upon anything that is in the public cloud. Everything on there, if it is FDA regulated, needs to be tested and verified... one of the things is to be able to guarantee 100 percent accountability of your data, that it is intact and cannot be tampered with by anyone other than the business who owns the data. There cannot be any manipulation, even the manipulation of where it is (colo failover is very hard to test/verify location).

Here is the way we look at it:

http://www.csc.com/life_sciences/blog/101149/102505-partly_cloudy_with_a_chance_of_an_fda_audit

HIPAA should be looked at the same way, IMO, as a breach can cause harm to the general public.

Edited by sc302
edited to clarify public cloud vs private cloud. private cloud is ok, public cloud is not

^ I agree with this. Thanks for adding it, sc302.

Oh, btw, I have been a Registered Nurse for over 20 years and have had my share of TJC inspections. LOL!


I wouldn't chance it when it comes to HIPAA personally. Storing that data in the cloud is just asking for trouble. I'm sure there are solutions for it if it's a must, but it's probably more trouble than it's worth.


  • 2 weeks later...

I work for a rather large medical insurance company. We do not really use any cloud services; those that absolutely need to have access to, say, Drive or Dropbox have to put in special exception requests. All B2B and B2S communication is done using encrypted FTP, and even that is extremely limited and locked down on a need basis.

They are rolling out a cloud service, but from what I've seen of it, it's not for anything HIPAA related at the moment, but that might change, and it's a homegrown product. We have to factor in State and Federal HIPAA requirements for PHI/PII/IP, so I don't see that being used like that in a while.


This topic is now closed to further replies.