Raffye.Memon Posted September 1, 2014

Hello,

As topic says, I am looking for a good reliable HIPAA compliant hosting, can anyone suggest a good Hosting, VPS Hosting?

Thanks!
Barney T. Administrators Posted September 1, 2014

HIPAA compliance is very difficult in a cloud environment outside of the medical institution. Special companies such as Cerner host electronic medical record management of their database on off-site servers. Using secure commercial sites (I believe that Amazon hosts some) must be approved and should be thoroughly investigated prior to using them. Many hospitals store patient information on their own network where they can provide security behind their own firewalls. Violation of HIPAA laws results in huge fines, as I am sure that you know.
Raffye.Memon Author Posted September 1, 2014

Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in cloud? But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant, doesn't that mean they have already been investigated by concerned authorities which granted them to display HIPAA logo on their site etc.

Regards
DaveLegg Developer Posted September 1, 2014

Softlayer are HIPAA compliant. They're a great company anyway, and do a lot of government contracts, definitely worth a look. Their compliance page is here: http://www.softlayer.com/compliance
Barney T. Administrators Posted September 2, 2014

> Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in cloud? But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant, doesn't that mean they have already been investigated by concerned authorities which granted them to display HIPAA logo on their site etc.
>
> Regards

I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S. The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.
sc302 Veteran Posted September 2, 2014 (edited)

> I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S. The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

I work at a pharma, and as far as I know, the FDA frowns upon anything that is in the public cloud. Everything on there, if it is FDA regulated, needs to be tested and verified... one of the things is to be able to guarantee 100 percent accountability of your data, that it is intact and cannot be tampered with by anyone other than the business who owns the data. There cannot be any manipulation, even the manipulation of where it is (colo failover is very hard to test/verify location).

Here is the way we look at it: http://www.csc.com/life_sciences/blog/101149/102505-partly_cloudy_with_a_chance_of_an_fda_audit

HIPAA should be looked at the same way, IMO, as a breach can cause harm to the general public.

Edited September 2, 2014 by sc302: edited to clarify public cloud vs private cloud. Private cloud is ok, public cloud is not.
Barney T. Administrators Posted September 3, 2014

^ I agree with this. Thanks for adding it, sc302.

Oh, btw, I have been a Registered Nurse for over 20 years and have had my share of TJC inspections. LOL!
spenser.d Posted September 3, 2014

> I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S. The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

I wouldn't chance it when it comes to HIPAA personally. Storing that data in the cloud is just asking for trouble. I'm sure there are solutions for it if it's a must, but it's probably more trouble than it's worth.
Anibal P Posted September 13, 2014

I work for a rather large medical insurance company. We do not really use any cloud services; those that absolutely need to have access to, say, Drive or Dropbox have to put in special exception requests. All B2B and B2S communication is done using encrypted FTP, and even that is extremely limited and locked down on a need basis.

They are rolling out a cloud service, but from what I've seen of it, it's not for anything HIPAA related at the moment. That might change, and it's a homegrown product, but we have to factor State and Federal HIPAA requirements for PHI/PII/IP, so I don't see that being used like that in a while.