
Suggest HIPAA Compliant Hosting?


Raffye.Memon    21

Hello,

As the topic says, I am looking for good, reliable HIPAA compliant hosting. Can anyone suggest good hosting, VPS hosting?

Thanks!

Barney T.    2,100

HIPAA compliance is very difficult in a cloud environment outside of the medical institution. Special companies such as Cerner host electronic medical record management of their database on off-site servers. Using secure commercial sites (I believe that Amazon hosts some) must be approved and should be thoroughly investigated prior to using them. Many hospitals store patient information on their own network where they can provide security behind their own firewalls. Violation of HIPAA laws results in huge fines, as I am sure that you know. 

Raffye.Memon    21

Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in the cloud?

But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant? Doesn't that mean they have already been investigated by the concerned authorities, which granted them permission to display the HIPAA logo on their site etc.?

Regards

DaveLegg    838

Softlayer are HIPAA compliant. They're a great company anyway, and do a lot of government contracts, definitely worth a look. Their compliance page is here: http://www.softlayer.com/compliance

  • Like 2

Barney T.    2,100

> Thanks for the reply Barney, so you are suggesting that we should have all information on our internal network environment and not host it in the cloud?
>
> But what about those hosting sites which say their environment is HIPAA compliant or even PCI compliant? Doesn't that mean they have already been investigated by the concerned authorities, which granted them permission to display the HIPAA logo on their site etc.?
>
> Regards

I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

sc302    1,382

> I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

I work at a pharma, and as far as I know, the FDA frowns upon anything that is in the public cloud. Everything on there, if it is FDA regulated, needs to be tested and verified. One of the things is to be able to guarantee 100 percent accountability of your data, that it is intact and cannot be tampered with by anyone other than the business who owns the data. There cannot be any manipulation, even the manipulation of where it is (colo failover is very hard to test/verify location).

Here is the way we look at it:

http://www.csc.com/life_sciences/blog/101149/102505-partly_cloudy_with_a_chance_of_an_fda_audit

HIPAA should be looked at the same way, IMO, as a breach can cause harm to the general public.

Edited by sc302
Edited to clarify public cloud vs private cloud. Private cloud is OK, public cloud is not.

Barney T.    2,100

^ I agree with this. Thanks for adding it, sc302.

 

Oh, btw, I have been a Registered Nurse for over 20 years and have had my share of TJC inspections. LOL!

spenser.d    1,100

> I guess that it depends if you are willing to chance it. With the buzz about cloud access and those celeb pics, I think that the whole cloud storage idea is getting a second look. In the U.S., The Joint Commission determines if there has been a HIPAA violation. Not sure about other countries. I would always check to make sure that the site you choose is approved by the medical privacy governing body.

I wouldn't chance it when it comes to HIPAA personally. Storing that data in the cloud is just asking for trouble. I'm sure there are solutions for it if it's a must, but it's probably more trouble than it's worth.

  • Like 1

Anibal P    2,012

I work for a rather large medical insurance company. We do not really use any cloud services; those that absolutely need to have access to, say, Drive or Dropbox have to put in special exception requests. All B2B and B2S communication is done using encrypted FTP, and even that is extremely limited and locked down on a need basis.

They are rolling out a cloud service, but from what I've seen of it, it's not for anything HIPAA related at the moment. That might change, and it's a homegrown product; we have to factor in State and Federal HIPAA requirements for PHI/PII/IP, so I don't see that being used like that in a while.
